Global HTTP & HTTPS tunelling agent - hard fork of https://github.com/SalesforceEng/global-tunnel
BSD 3-Clause "New" or "Revised" License
118
stars
20
forks
source link
Lodash dependency causes prototype pollution issue: can you use another package instead of lodash? #59
Open
marcoippolito opened 4 years ago
│ Low │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ No patch available │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ electron │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ electron > @electron/get > global-tunnel-ng > lodash
https://www.npmjs.com/advisories/1523 "No fix is currently available. Consider using an alternative package until a fix is made available."
So... can you use another package instead of lodash?
Marco