nikku / karma-browserify

A fast Browserify integration for Karma that handles large projects with ease
MIT License
321 stars 50 forks

lodash vulnerability reported by "npm audit" #218

Closed matthew-white closed 6 years ago

matthew-white commented 6 years ago

Using karma-browserify 5.2.0, when I run npm audit, I receive the following report:

┌───────────────┬────────────────────────────────────────┐
│ Low           │ Prototype Pollution                    │
├───────────────┼────────────────────────────────────────┤
│ Package       │ lodash                                 │
├───────────────┼────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                               │
├───────────────┼────────────────────────────────────────┤
│ Dependency of │ karma-browserify [dev]                 │
├───────────────┼────────────────────────────────────────┤
│ Path          │ karma-browserify > lodash              │
├───────────────┼────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577 │
└───────────────┴────────────────────────────────────────┘

I see that this was also mentioned in a comment at https://github.com/karma-runner/karma/issues/2994.

nikku commented 6 years ago

Should be fixed with karma-browserify@5.3.0.
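
To confirm after upgrading that no lodash copy below the patched version from the report (>=4.17.5) is still installed, the lockfile can be checked directly. This is an added example, not part of the original thread or of karma-browserify; the function names, the `SAMPLE_LOCK` data and its versions are constructed for illustration.

```javascript
// Added example (not from the thread). PATCHED comes from the report's "Patched in" row.
const PATCHED = '4.17.5';
// Compare plain x.y.z versions numerically; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return [{ location, version }] for every installed copy of `name` below `patched`.
// `location` is the install location in node_modules, which matches the audit
// "Path" only when the copy is not hoisted.
function findVulnerable(lock, name = 'lodash', patched = PATCHED) {
  const hits = [];
  const check = (trail, version) => {
    if (trail[trail.length - 1] === name && version && compareVersions(version, patched) < 0) {
      hits.push({ location: trail.join(' > '), version });
    }
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by node_modules path
    for (const [key, pkg] of Object.entries(lock.packages)) {
      check(key.split('node_modules/').filter(Boolean).map(p => p.replace(/\/$/, '')), pkg.version);
    }
    return hits;
  }
  (function walk(deps, trail) { // lockfileVersion 1: nested "dependencies"
    for (const [dep, info] of Object.entries(deps || {})) {
      check([...trail, dep], info.version);
      walk(info.dependencies, [...trail, dep]);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not taken from the issue).
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.11' },
    'karma-browserify': {
      version: '0.0.0-sample',
      dependencies: { lodash: { version: '3.10.1' } },
    },
  },
};
console.log(findVulnerable(SAMPLE_LOCK));
```

In a real project, pass the parsed `package-lock.json` instead of `SAMPLE_LOCK`; an empty result means every installed lodash copy is at or above the patched version.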