pdffillerjs / pdffiller

Take an existing PDF Form and data and PDF Filler will create a new PDF with all given fields populated.
MIT License

npm audit lodash vulnerability #77

Closed LarsSjogreen closed 5 years ago

LarsSjogreen commented 5 years ago

                       === npm audit security report ===                          

                                 Manual Review                                    
             Some vulnerabilities require your attention to resolve               

          Visit https://go.npm.me/audit-guide for additional guidance             

  Low             Prototype Pollution                                             

  Package         lodash                                                          

  Patched in      >=4.17.5                                                        

  Dependency of   pdffiller                                                       

  Path            pdffiller > lodash                                              

  More info       https://nodesecurity.io/advisories/577                          

found 1 low severity vulnerability in 169 scanned packages                        
  1 vulnerability requires manual review. See the full report for details.        

pdffiller uses an old version of lodash. This makes the builds break (for me) due to npm audit warnings and I can't fix them with npm audit fix --force. (Also, it's a vulnerability...)

jkomyno commented 5 years ago

+1, same for me

xyleen commented 5 years ago

@johntayl Hey, it seems that the issue is fixed, but the npm package is not updated. Could you push a new version to the npm repository (containing #78)?

johntayl commented 5 years ago

@xyleen New npm package has been updated to v0.0.11.
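
As an added example (not code from the pdffiller project or from anyone in this thread), one way to confirm that no copy of lodash below the patched version 4.17.5 from the audit report remains in a dependency tree is to scan the parsed package-lock.json. The function names and the sample lockfile are assumptions made for illustration, and the reported path is the install location under node_modules, which can differ from the logical path npm audit prints when a package is hoisted.

```javascript
// Compare plain x.y.z versions; pre-release and build suffixes are ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` older than `patched`, with its install path.
function findBelowPatched(lock, name, patched) {
  const hits = [];
  const check = (path, version) => {
    const isTarget = path[path.length - 1] === name;
    if (isTarget && /^\d+\.\d+\.\d+/.test(version || '') && compareVersions(version, patched) < 0) {
      hits.push({ path: path.join(' > '), version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat keys such as "node_modules/pdffiller/node_modules/lodash"
    for (const [key, pkg] of Object.entries(lock.packages)) {
      const path = key.split('node_modules/').filter(Boolean).map(p => p.replace(/\/$/, ''));
      check(path, pkg.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" objects
    const walk = (deps, parents) => {
      for (const [depName, info] of Object.entries(deps || {})) {
        const path = parents.concat(depName);
        check(path, info.version);
        walk(info.dependencies, path);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample (added example): a hoisted, patched lodash plus an older nested copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.5' },
    pdffiller: { version: '0.0.0-sample', dependencies: { lodash: { version: '4.17.4' } } },
  },
};
console.log(findBelowPatched(sampleLock, 'lodash', '4.17.5'));
```

For a real project, pass the object obtained by parsing its package-lock.json with `JSON.parse`; an empty result means every installed copy is at or above the patched version.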