clarkie / dynogels

DynamoDB data mapper for node.js. Originally forked from https://github.com/ryanfitz/vogels
490 stars, 110 forks

Old lodash version shows a low severity vulnerability with npm audit #157

Closed ktchernov closed 5 years ago

ktchernov commented 6 years ago

When using npm version >6, there is a low-level security error when running npm audit, caused by using an old version of lodash: https://nodesecurity.io/advisories/577

Simply fixed by bumping lodash version.

PR: https://github.com/clarkie/dynogels/pull/155

cdhowie commented 5 years ago

Closing this as a duplicate of #148, which has a subtask of updating dependencies to satisfy bitHound (which checks for vulnerabilities).