Closed Chris92de closed 4 years ago
While using this package, npm throws a security warning for lodash:
=== npm audit security report === ┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Prototype Pollution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=4.17.12 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ @paralect/node-mongo │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ @paralect/node-mongo > lodash │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1065 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 1 high severity vulnerability in 12390 scanned packages 1 vulnerability requires manual review. See the full report for details.
This can be fixed by increasing the required lodash version from 4.17.11 to ^4.17.12
While using this package, npm throws a security warning for lodash:
This can be fixed by increasing the required lodash version from 4.17.11 to ^4.17.12