Closed rishabh-chowdhary closed 4 years ago
@All - Please confirm when this can be merged, a critical fix which is blocking our release.
The lodash
changed in this PR is only a dev dependency. I am in the process of updating the lodash
version used by request-promise-core
that is used by this library. With the next version of request-promise
the security vulnerability will be fixed.
This updated version of 4.17.12 fixes a critical security vulnerability in lodash, more details are here: https://nvd.nist.gov/vuln/detail/CVE-2019-10744