xzyfer / sass-graph

Parses import dependencies from a directory of sass files
MIT License

npm audit high vulnerability #103

Closed ghost closed 5 years ago

ghost commented 5 years ago
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-sass                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-sass > sass-graph > lodash                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
xzyfer commented 5 years ago

PRs welcome

On Tue., 2 Jul. 2019, 5:33 pm Ivan Cherviakov, notifications@github.com wrote:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-sass                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-sass > sass-graph > lodash                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/782                             │
└───────────────┴──────────────────────────────────────────────────────────────┘


ghost commented 5 years ago

My mistake, it seems the lodash dependency in package.json is already set to the latest, 4.17.11.
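A defender-side check of which lodash copies are actually resolved in the lock file, since the range declared in package.json does not by itself determine the version that `npm audit` sees installed under `node-sass > sass-graph`. This is an added example, not sass-graph's own code; the lockfile fragment and every version in it are constructed, and the patched-version argument must be taken from the advisory rather than from this snippet.

```javascript
// Added example (not part of sass-graph): walk a package-lock.json (lockfile v1
// "dependencies" tree) and report every resolved copy of a package with the
// dependency path leading to it, then flag copies below the advisory's patched version.

// Parse "4.17.11" into [4, 17, 11]; a pre-release suffix is dropped (assumption: plain semver).
function parseVersion(v) {
  return v.split('-')[0].split('.').map(Number);
}

// True when version a >= version b, comparing major, minor, patch numerically.
function atLeast(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) > (y[i] || 0);
  }
  return true;
}

// Recursively collect every resolved copy of `name`, nested copies included.
function findResolved(deps, name, path = [], out = []) {
  for (const [dep, info] of Object.entries(deps || {})) {
    const here = [...path, dep];
    if (dep === name) out.push({ path: here.join(' > '), version: info.version });
    findResolved(info.dependencies, name, here, out);
  }
  return out;
}

// Copies of `name` whose resolved version is older than `patched` (taken from the advisory).
function unpatchedCopies(lock, name, patched) {
  return findResolved(lock.dependencies, name).filter(c => !atLeast(c.version, patched));
}

// Constructed lockfile fragment mirroring the audit path in the issue; all versions are made up.
const SAMPLE_LOCK = {
  dependencies: {
    lodash: { version: '4.17.11' },              // top-level copy matching package.json
    'node-sass': {
      version: '4.12.0',
      dependencies: {
        'sass-graph': {
          version: '2.2.4',
          dependencies: { lodash: { version: '4.17.4' } } // nested copy that audit would flag
        }
      }
    }
  }
};

// Placeholder patched version: substitute the one listed at https://npmjs.com/advisories/782.
console.log(unpatchedCopies(SAMPLE_LOCK, 'lodash', '4.17.11'));
```

Run it against a real lock file with `JSON.parse(fs.readFileSync('package-lock.json'))` in place of `SAMPLE_LOCK`; an empty result means no resolved copy is below the patched version.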