pirateandfox / infusionsoft-javascript-api

A Javascript Library for the XML-RPC Infusionsoft API

High severity vulnerability from underscore #8

Closed Kezzsim closed 3 years ago

Kezzsim commented 3 years ago

Just thought I'd bump this, should be easy for the maintainer to quickly upgrade the package. Running NPM audit on my project with this installed yields the following:



```
underscore  1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution - https://npmjs.com/advisories/1674
No fix available
node_modules/underscore
  infusionsoft-javascript-api  *
  Depends on vulnerable versions of underscore
  node_modules/infusionsoft-javascript-api
  typedef  <=0.13.2
  Depends on vulnerable versions of underscore
  node_modules/typedef
```

justinhandley commented 3 years ago

Fix pushed in #9 - thanks for pointing this out.