lantanagroup/FHIR.js
Node.JS library for serializing/deserializing FHIR resources between JS/JSON and XML using various node.js XML libraries
Apache License 2.0
Upgrade high severity vulnerability in lodash 4.17.11 #20
Closed: quetzaluz closed 5 years ago

quetzaluz commented 5 years ago
Per https://github.com/lodash/lodash/issues/4348, an upgrade is required to address a recent security vulnerability CVE-2019-10744.
https://github.com/lantanagroup/FHIR.js/blob/master/package.json#L38 lists the vulnerable lodash version.
While this repo may not yet use the vulnerable methods / libraries specifically (merge, mergewith, defaultsdeep), upgrading now can address package install warnings and prevent use of vulnerable methods later.
PR coming shortly to address this.
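A check for the two things the issue raises: whether package.json declares lodash 4.17.11, and whether the code uses merge, mergeWith or defaultsDeep. This is an added example, not code from FHIR.js or from the issue author; the function names and the sample input are constructed for illustration.

```javascript
// Method names from the issue text, lowercased so one case-insensitive match
// covers both _.defaultsDeep and the per-method package lodash.defaultsdeep.
const METHODS = ['merge', 'mergewith', 'defaultsdeep'];
const FLAGGED_VERSION = '4.17.11'; // the lodash version the issue names

// True when package.json declares lodash at the flagged version, either as an
// exact pin or as a ^/~ range based on it (the lockfile decides what installs).
function declaresFlaggedLodash(pkg) {
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const spec = deps.lodash;
  return typeof spec === 'string' &&
    spec.replace(/^[\^~=v\s]+/, '') === FLAGGED_VERSION;
}

// Report each source line that calls or imports one of the named methods.
// Limitation: destructured imports such as `const { merge } = require('lodash')`
// are not detected by these two patterns.
function findMethodUse(source) {
  const names = METHODS.join('|');
  const patterns = [
    new RegExp(`\\b(?:_|lodash)\\.(${names})\\s*\\(`, 'i'), // _.merge(...)
    new RegExp(`['"]lodash[./](${names})['"]`, 'i'),        // 'lodash/merge', 'lodash.merge'
  ];
  const hits = [];
  source.split('\n').forEach((text, i) => {
    for (const re of patterns) {
      const m = re.exec(text);
      if (m) {
        hits.push({ line: i + 1, method: m[1].toLowerCase() });
        break;
      }
    }
  });
  return hits;
}

// Constructed sample input (not taken from FHIR.js).
const samplePkg = { dependencies: { lodash: '4.17.11' } };
const sampleSource = [
  "const _ = require('lodash');",
  "const mergeWith = require('lodash.mergewith');",
  "const ids = _.map(entries, 'id');",
  "const opts = _.defaultsDeep({}, userOpts, defaults);",
].join('\n');

console.log(declaresFlaggedLodash(samplePkg), findMethodUse(sampleSource));
```
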