loadash vulnerability - Githubissues

jacobmischka / gatsby-plugin-react-svg

Adds svg-react-loader to gatsby webpack config

https://www.npmjs.com/package/gatsby-plugin-react-svg

MIT License

70 stars 21 forks source link

loadash vulnerability #25

Closed silviopaganini closed 4 years ago

silviopaganini commented 5 years ago

Expected Behavior

yarn audit shouldn't return any audit problems

Actual Behavior

yarn audit returns High vulnerability More info https://www.npmjs.com/advisories/1065

Possible Solution

Upgrade lodash

Steps to Reproduce

yarn audit / npm audit

Context

Currently breaks CI as we rely on audits

Environment

Node Version: v10.14.1
Package Manager Version: 6.4.1
Operating System: 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64
Package Version: 2.1.1