Hi @tkellen / @phated
findup-sync 3.0.0 has a Prototype Pollution vulnerability that is fixed in version 4.0.0
js-liftoff is a dependency of Knex DB. We're using this in multiple production projects in a commercial environment. Please can you expedite this pull request so that we can then fix the vulnerability in Knex.
I have tested this as a non-breaking fix.
Happy to answer any questions