rse / astq

Abstract Syntax Tree (AST) Query Engine
https://npmjs.com/astq

Transitive dependency has high security vulnerability #15

Closed andraspatka closed 2 years ago

andraspatka commented 3 years ago

After updating pegjs-otf with newer lodash version, update astq to latest pegjs-otf

  High            Command Injection
  Package         lodash
  Patched in      >=4.17.21
  Dependency of   asty-astq
  Path            asty-astq > astq > pegjs-otf > lodash
  More info       https://npmjs.com/advisories/1673
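
One way to confirm whether the fix has propagated after the upgrades requested above is to walk the resolved dependency tree and list every path that still reaches a lodash below 4.17.21. This is an added example, not code from astq or from the issue author; it assumes a tree shaped like `npm ls --all --json` output, and the root name `example-app`, the function names and all version numbers other than the 4.17.21 threshold are constructed.

```javascript
// Added example: report every dependency path that resolves `target`
// to a version below `patched`, in the same "a > b > c" form npm audit prints.

// Compare plain x.y.z versions; prerelease tags are ignored (simplification).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Depth-first walk over nested `dependencies` objects.
function findUnpatched(node, target, patched, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === target && dep.version && cmpVersion(dep.version, patched) < 0) {
      hits.push({ path: path.join(' > '), version: dep.version });
    }
    hits.push(...findUnpatched(dep, target, patched, path));
  }
  return hits;
}

// Constructed sample: one patched top-level lodash, one older transitive copy.
const sampleTree = {
  name: 'example-app', version: '0.0.0',
  dependencies: {
    'asty-astq': { version: '0.0.0', dependencies: {
      astq: { version: '0.0.0', dependencies: {
        'pegjs-otf': { version: '0.0.0', dependencies: {
          lodash: { version: '4.17.20' } } } } } } },
    lodash: { version: '4.17.21' }
  }
};

const findings = findUnpatched(sampleTree, 'lodash', '4.17.21');
for (const f of findings) console.log(`${f.path} (${f.version})`);
```

An empty result for the real tree means no copy of lodash below the patched version remains, including copies nested under pegjs-otf.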