thejsj / rethinkdb-init

Create all RethinkDB databases, tables and indexes automatically through a schema object.
https://www.npmjs.com/package/rethinkdb-init
53 stars 15 forks

lodash vulnerability #22

Open justin-lyon opened 5 years ago

justin-lyon commented 5 years ago

rethinkdb-init has a dependency on an old version of lodash that has been flagged by npm audit. See the advisory here: https://www.npmjs.com/advisories/577

My local npm audit:

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   rethinkdb-init

  Path            rethinkdb-init > lodash

  More info       https://nodesecurity.io/advisories/577

found 1 low severity vulnerability in 275 scanned packages
  1 vulnerability requires manual review. See the full report for details.

eviltik commented 5 years ago

@thejsj please :)
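
Added example, not part of the issue thread or the project's code: a small Node.js check that walks a lockfile's dependency tree and reports every path to a lodash copy below the patched version named in the audit report above (4.17.5). It assumes the nested `dependencies` layout of a `lockfileVersion: 1` package-lock.json; the function names and the sample lockfile with its version numbers are constructed for illustration.

```javascript
// Added example: find every path to a lodash version below the patched release.
const PATCHED = '4.17.5'; // "Patched in >=4.17.5" from the audit report

// Parse "major.minor.patch" into numbers; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Walk a tree shaped like {dependencies: {name: {version, dependencies}}}.
function findVulnerable(lock, name = 'lodash', patched = PATCHED) {
  const hits = [];
  (function walk(deps, trail) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = [...trail, dep];
      if (dep === name && isBelow(info.version, patched)) {
        hits.push({ path: path.join(' > '), version: info.version });
      }
      walk(info.dependencies, path);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: versions are illustrative, not taken from the project.
const sampleLock = {
  dependencies: {
    'rethinkdb-init': {
      version: '0.0.0-sample',
      dependencies: { lodash: { version: '3.10.1' } },
    },
    lodash: { version: '4.17.21' },
  },
};

console.log(findVulnerable(sampleLock));
```

Pointing `findVulnerable` at a parsed package-lock.json shows whether a top-level lodash upgrade actually removed the nested copy that the audit path `rethinkdb-init > lodash` refers to.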