search

voucherifyio / voucherify-nodejs-sdk

[Deprecated] Node.js SDK for Voucherify - coupons, vouchers, promo codes
http://www.voucherify.io
MIT License
27 stars 16 forks source link

Lodash dependency high vulnerability #134

Open yedlosh opened 3 years ago

yedlosh commented 3 years ago

Hi, the voucherify SDK depends on

"lodash": "4.17.20"

which has a high severity vulnerability (https://npmjs.com/advisories/1673)

I'd like to ask if the dependency could be updated, and better yet, if the dependencies could be defined using either minor (^) or at least patch (~) version range - as that would prevent this particular issue from arising.

Thank you!

kevinignas commented 2 years ago

is there any updates for this?

frakti commented 2 years ago

@kevinignas This repo is no longer actively maintained, we have a new SDK for node.js at https://github.com/voucherifyio/voucherify-js-sdk. Check migration guide.