Upgrade to async v3 due to CVE-2020-8203

brianreavis / sifter.js

A library for textually searching arrays and hashes of objects by property (or multiple properties). Designed specifically for autocomplete.

1.09k stars 125 forks source link

Open espen opened 3 years ago

espen commented 3 years ago

async v2.6.3 uses an outdated version of lodash which has a low severity security issue (CVE-2020-8203). Async v3 does not depend on lodash at all.