thenativeweb / node-eventstore

EventStore Implementation in node.js
http://eventstore.js.org/
MIT License

Upgrade Lodash Version to Fix Prototype Pollution Vulnerability #135

Closed emmkong closed 6 years ago

emmkong commented 6 years ago

The version of the lodash lib used in this project contains a low-risk Prototype Pollution vulnerability. See https://www.npmjs.com/advisories/577. Please upgrade it to the latest version if possible. Thanks

nanov commented 6 years ago

The version this project uses (4.17.10) is the latest. I guess your warnings come not directly from this project, but from [node-cqrs-domain](https://github.com/adrai/node-cqrs-domain), which depends on this project, but its dependency isn't updated.

I will update it now, and hopefully those vulnerability warnings will be gone.

nanov commented 6 years ago

I've just published an update for node-cqrs-domain which addresses those issues.

emmkong commented 6 years ago

thanks
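
The diagnosis in this thread (an audit warning caused by an older lodash nested under a dependent package, not by this project's own lodash) can be checked by walking the lockfile. The following is an added example, not code from node-eventstore or node-cqrs-domain; it assumes the nested `dependencies` layout of a `package-lock.json` with `lockfileVersion` 1, and the sample lockfile, its package keys and every version other than 4.17.10 are constructed for illustration.

```javascript
'use strict';

// Compare two plain x.y.z versions numerically; returns <0, 0 or >0.
// Pre-release tags are not handled (assumption for this example).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the nested "dependencies" tree of a lockfile and return every copy of
// `name` older than `minVersion`, together with the chain of packages nesting it.
function findStaleCopies(lock, name, minVersion) {
  const hits = [];
  (function walk(deps, path) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = path.concat(dep);
      if (dep === name && compareVersions(info.version, minVersion) < 0) {
        hits.push({ version: info.version, path: here.join(' > ') });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed lockfile: the top-level lodash is the 4.17.10 cited in the thread,
// all other versions and the nesting are made up to mirror the situation described.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.10' },
    'node-cqrs-domain': {
      version: '0.0.1',
      dependencies: {
        'node-eventstore': {
          version: '0.0.1',
          dependencies: { lodash: { version: '4.17.4' } }
        }
      }
    }
  }
};

console.log(findStaleCopies(sampleLock, 'lodash', '4.17.10'));
```

The reported path names the package whose pinned dependency has to be updated, which is where the fix belongs when the top-level copy is already current.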