difelice / ejs-loader

EJS (Underscore/LoDash Templates) loader for webpack
MIT License
158 stars 24 forks

Upgrade to lodash 4 #32

Closed bemjb closed 5 years ago

bemjb commented 6 years ago

There's a recent lodash security advisory that affects all versions of lodash before 4.17.5. As far as I know, there is no patch for lodash 3.x. While the security issue doesn't affect anything that this package specifically does, it's generally safer to not have vulnerable packages around if possible.

Avaq commented 5 years ago

Any chance this can be merged and released? NPM is bugging users of ejs-loader about this security vulnerability.

difelice commented 5 years ago

Why is this taking so long?

hg-pyun commented 5 years ago

image

digitalica commented 5 years ago

Would be nice if this could be fixed.

jkumara commented 5 years ago

Any chance that this could be merged soon?

Tcheikovski commented 5 years ago

Please could you merge the fix?

difelice commented 5 years ago

Hi @okonet can you please get a minute and review this PR? Thanks.

okonet commented 5 years ago

Unfortunately, I don't have any capacity right now. I can transfer the repo to you @difelice if you want to take care of it. Deal?

difelice commented 5 years ago

Sure @okonet, I'll have a look now and make sure it is safe to merge. Thanks!

difelice commented 5 years ago

@okonet can you please transfer NPM ownership to my user difelice? Thanks. Ref: https://docs.npmjs.com/cli/owner

okonet commented 5 years ago

@difelice done

difelice commented 5 years ago

@okonet last request, can you please remove the repo from travis-ci.org? Thanks.

okonet commented 5 years ago

😤 I’ll try ASAP