swagger-api / swagger-node

Swagger module for node.js
http://swagger.io
Apache License 2.0

Update lodash to 5.17.11 to resolve node vulnerability audit #579

Open joeyjmorales opened 5 years ago

WebbizAdmin commented 5 years ago

Why is this not merged?

aifrim commented 5 years ago

@WebbizAdmin tests fail

andyedwardsibm commented 5 years ago

https://github.com/swagger-api/swagger-node/issues/570 might be relevant. According to that, work is happening to bring the project back to life, so things like the failing Travis and these PRs might get addressed.

DeeDeeG commented 4 years ago

This is a very tiny PR that could help users of this package stay secure.

I use this swagger node package and would appreciate the patch to newer lodash.

Maintainers, if the various audit security errors were patched and a very small maintenance release were pushed I think existing users would greatly appreciate it. (I know I would!)

(Incidentally, the PR name is slightly off: the major version for lodash is 4.x, rather than 5.x.)

DeeDeeG commented 4 years ago

Actually this PR isn't strictly necessary. On master branch, this package already depends on lodash "^4.17.2".

That means "greater than (or equal to) 4.17.2, but also less than 5.x".

If there were a new release of this package based off of the master branch, it would allow users to get up-to-date lodash, since the latest lodash (4.17.15 at the moment) is still in the 4.x series.

The fix that would be more meaningful would be for there to be a new release of this package.
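The comment above rests on how npm interprets a caret range. The following is an added example, not code from swagger-node or from any commenter: a minimal, dependency-free implementation of caret-range semantics that shows why `^4.17.2` already admits lodash 4.17.15 (and any later 4.x) but never a 5.x, plus the separate check an audit actually cares about, namely whether the version pinned in a lockfile is at or above the patched release. The list of published versions is constructed for illustration (the `5.0.0` entry is hypothetical), and only plain `x.y.z` versions without prerelease tags are handled.

```javascript
// Added example (not swagger-node code): npm-style caret ("^") range semantics.
// Assumption: plain x.y.z version strings only; prerelease tags are not handled.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison, component by component: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Caret rule: the lower bound is the version itself; the upper bound is the
// next increment of the left-most non-zero component, so
//   ^4.17.2 -> >=4.17.2 <5.0.0,  ^0.3.1 -> >=0.3.1 <0.4.0,  ^0.0.4 -> >=0.0.4 <0.0.5
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const lower = range.slice(1);
  const [maj, min, pat] = parseVersion(lower);
  let upper;
  if (maj > 0) upper = `${maj + 1}.0.0`;
  else if (min > 0) upper = `0.${min + 1}.0`;
  else upper = `0.0.${pat + 1}`;
  return { lower, upper };
}

function satisfiesCaret(version, range) {
  const { lower, upper } = caretBounds(range);
  return compareVersions(version, lower) >= 0 && compareVersions(version, upper) < 0;
}

// What a fresh install against a range does: choose the highest published
// version that satisfies it. Returns null if nothing matches.
function resolveHighest(range, published) {
  const ok = published.filter((v) => satisfiesCaret(v, range)).sort(compareVersions);
  return ok.length === 0 ? null : ok[ok.length - 1];
}

// The audit question is different from the range question: is the version
// actually installed (e.g. pinned by a lockfile) at or above the fixed release?
function meetsMinimum(installed, minimumFixed) {
  return compareVersions(installed, minimumFixed) >= 0;
}

// Constructed sample data: a subset of lodash version strings for illustration;
// 5.0.0 is hypothetical. The range is the one the thread says master declares.
const PUBLISHED_LODASH = ['3.10.1', '4.17.2', '4.17.4', '4.17.11', '4.17.15', '5.0.0'];
const RANGE_ON_MASTER = '^4.17.2';
const FIXED_VERSION = '4.17.11';

// Stand-alone demonstration.
console.log('bounds:', caretBounds(RANGE_ON_MASTER));
console.log('fresh install resolves to:', resolveHighest(RANGE_ON_MASTER, PUBLISHED_LODASH));
console.log('a lockfile still on 4.17.2 meets the fix?', meetsMinimum('4.17.2', FIXED_VERSION));
```

The last line is the practical caveat behind the thread: the range on master allows a patched lodash, but a project that installs from an old lockfile keeps whatever was pinned there until the lock is regenerated, so checking the resolved version rather than the declared range is what an audit should do.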