search

quasarframework / app-extension-feathersjs

[WIP] The official Quasar 1.0 App-Extension for feathersjs
https://quasar.dev
MIT License
6 stars 4 forks source link

Update feathers-vuex to 2.x.x #4

Open nothingismagick opened 5 years ago

nothingismagick commented 5 years ago

Previously in 1.x.x lodash.merge was being used. There are issues with that that have since been resolved. Please see:

https://github.com/feathers-plus/feathers-vuex/issues/213

✗ Medium severity vulnerability found in lodash.merge
  Description: Prototype Pollution
  Info: https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173733
  Introduced through: feathers-vuex@1.7.0
  From: feathers-vuex@1.7.0 > lodash.merge@4.6.1

✗ High severity vulnerability found in lodash.merge
  Description: Prototype Pollution
  Info: https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173732
  Introduced through: feathers-vuex@1.7.0
  From: feathers-vuex@1.7.0 > lodash.merge@4.6.1
nothingismagick commented 5 years ago

Latest at the time of this writing is v2.0.0-pre.24 https://github.com/feathers-plus/feathers-vuex/releases