rochejul / npmversion

A command line node module to deal with "bumping" and "npm version"
MIT License
8 stars 2 forks

Fix vulnerability #20

Closed rochejul closed 6 years ago

rochejul commented 6 years ago

From Snyk reports, update to lodash@4.17.5

David-Klemenc commented 5 years ago

Another version bump is needed:

- Prototype Pollution vulnerability 1
- Prototype Pollution vulnerability 2

Consider updating lodash to 4.17.15 or maybe "~4.17.15" (patch version updates should not have adverse effects!?)
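
An added example, not part of the original thread or the npmversion code base: a minimal check of what the exact pin `4.17.15` and the tilde range `~4.17.15` from the comment above each accept, and whether a declared range can still resolve below that version. It assumes plain `X.Y.Z` versions only; the function names are illustrative, and real resolution is done by npm's `semver` package.

```javascript
// Minimal range check for exact, ~ and ^ specs of the form X.Y.Z.
// Pre-release tags and compound ranges are out of scope (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns [lowerInclusive, upperExclusive] for a dependency spec.
function rangeBounds(spec) {
  const op = /^[~^]/.test(spec) ? spec[0] : '';
  const [maj, min, pat] = parseVersion(spec.slice(op.length));
  const lower = [maj, min, pat];
  if (op === '~') return [lower, [maj, min + 1, 0]];      // patch updates only
  if (op === '^') {
    if (maj > 0) return [lower, [maj + 1, 0, 0]];         // minor + patch updates
    if (min > 0) return [lower, [0, min + 1, 0]];
    return [lower, [0, 0, pat + 1]];
  }
  return [lower, [maj, min, pat + 1]];                    // exact pin
}

function satisfies(version, spec) {
  const [lo, hi] = rangeBounds(spec);
  const v = parseVersion(version);
  return compare(v, lo) >= 0 && compare(v, hi) < 0;
}

// True when the lowest version the range accepts is below `floor`.
function admitsBelow(spec, floor) {
  return compare(rangeBounds(spec)[0], parseVersion(floor)) < 0;
}

const FLOOR = '4.17.15'; // version suggested in the comment above
for (const spec of ['4.17.5', '~4.17.5', '~4.17.15', '4.17.15']) {
  console.log(spec.padEnd(9), `can resolve below ${FLOOR}:`, admitsBelow(spec, FLOOR));
}
// 4.17.16 and 4.18.0 are sample inputs chosen for the demonstration.
console.log('~4.17.15 accepts 4.17.16:', satisfies('4.17.16', '~4.17.15'));
console.log('~4.17.15 accepts 4.18.0: ', satisfies('4.18.0', '~4.17.15'));
```

A lockfile can still hold an older resolved version even after the range in `package.json` is raised, so the installed version should be checked as well as the declared range.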