Closed bemjb closed 5 years ago
Any chance this can be merged and released? NPM is bugging users of ejs-loader
about this security vulnerability.
Why is this taking so long?
would be nice if this could be fixed.
Any chance that this could be merged soon?
Please could you merge the fix ?
Hi @okonet can you please get a minute and review this PR? Thanks.
Unfortunately I don't have any capacities right now. I can transfer the repo to you @difelice if you want to take care of it. Deal?
Sure @okonet, I'll have a look now and make sure is safe to merge. Thanks!
@okonet can you please transfer NPM ownership to my user difelice
. Thanks.
Ref: https://docs.npmjs.com/cli/owner
@difelice done
@okonet last request, can you please remove repo from travis-ci.org
? Thanks.
😤 I’ll try ASAP
There's a recent lodash security advisory that affects all versions of lodash before 4.17.5. As far as I know, there is no patch for lodash 3.x. While the security issue doesn't affect anything that this package specifically does, it's generally safer to not have vulnerable packages around if possible.