Closed sanjowinson closed 5 years ago
You're reporting lodash security issues, how is that hoek's concern ?
How I can fix this can you please suggest, how can I change lodash to hoeks
That question doesn't make sense.
grunt-usemin
is unmaintained according to their own repo (https://github.com/yeoman/grunt-usemin), use something else, and don't report your issues to the 1st random project you see.
I have installed nodejs latest version 12 and while am doing npm install .
audited 731 packages in 2.064s found 4 vulnerabilities (2 low, 2 high) run
npm audit fix
to fix them, ornpm audit
for detailsHow I can fix this and why it is coming. Or this warning is will not affect the build.
One more thing once I done "npm set audit false" the error gone but its is listing in "npm audit" command. Can some one help me on this ASAP.
================root@ip-172-31-94-221:~/grunt-build-exploration/dist_generator# npm audit
┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Low │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=4.17.5 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ grunt-usemin │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ grunt-usemin > lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/577 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=4.17.11 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ grunt-usemin │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ grunt-usemin > lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/782 │ └───────────────┴──────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────
================