dthree / vorpal

Node's framework for interactive CLIs
http://vorpal.js.org
MIT License
5.63k stars, 278 forks

Node Security Issue with lodash: 577 - Prototype Pollution #312

Open johncblandii opened 6 years ago

johncblandii commented 6 years ago

We need a lodash update. It'd be a good time to release to resolve #301 as well.

AukeTembrink commented 5 years ago

I can approve this. +1

Berkmann18 commented 5 years ago

It still seems to be a problem on 1.12.0 according to Snyk (https://app.snyk.io/test/npm/vorpal/1.12.0).

johncblandii commented 5 years ago

I'm pretty sure this project is dead, @Berkmann18.

Berkmann18 commented 5 years ago

@johncblandii I hope not. @dthree ?

tsujp commented 4 years ago

Why has this not been merged? Rather unacceptable that a high security vulnerability has been here for over a year.

slinkardbrandon commented 4 years ago

@tsujp Because the project is dead and the old vorpal admins haven’t put anyone else in charge.

tsujp commented 4 years ago

@slinkardbrandon I guess either https://github.com/vorpaljs-reforged/vorpal or https://github.com/oclif/oclif is the play now.

davidnussio commented 4 years ago

I'm starting to use this fork: npm i @moleculer/vorpal