niftylettuce
commented
5 years ago TBH anyone that is affected by this has poor architecture and a poor sense of security. PR is welcome. I occasionally version bump deps.
Closed JonathanJamesRasmussen closed 5 years ago
niftylettuce
commented
5 years ago TBH anyone that is affected by this has poor architecture and a poor sense of security. PR is welcome. I occasionally version bump deps.
JonathanJamesRasmussen
commented
5 years ago Thanks for clarifying. I was going based on a GitHub security alert, but after running NPM audit, it seems to be a non-issue.
There is a high-severity security bug in Lodash that was recently published:
https://github.com/lodash/lodash/pull/4336
It appears as though this tool isn't updated to use this patch yet.