ysmood
commented
5 years ago Thank you!
Closed minusworld closed 5 years ago
ysmood
commented
5 years ago Thank you!
abbasjaanz764
commented
4 months ago Sand many
Hello,
I'm working on on a program analysis tool for some research and I noticed you are using version 4.17.11 of lodash. lodash@4.17.11 has a vulnerability in the defaultsDeep method which is used in this repository in lib/kit.js.
This PR bumps the version of lodash to 4.17.15, the latest version as of this writing. I saw that all of your dependencies are pinned to specific versions and have respected that with this PR.
Let me know if you have any questions or would like to discuss further! Thanks!