The current version of `lodash.*` needs to be updated to avoid security audit warnings - Githubissues

zallek / swagger-diff

Compute the diff between two swagger API specifications.

https://zallek.github.io/swagger-diff/

58 stars 30 forks source link

The current version of `lodash.*` needs to be updated to avoid security audit warnings #33

Open stuwilliams-clgx opened 5 years ago

stuwilliams-clgx commented 5 years ago

$ npm audit (partial) High Prototype Pollution Package lodash.merge Patched in >=4.6.2 Dependency of swagger-diff Path swagger-diff > lodash.defaultsdeep > lodash.merge More info https://nodesecurity.io/advisories/1066 High Prototype Pollution Package lodash.merge Patched in >=4.6.1 Dependency of swagger-diff Path swagger-diff > lodash.defaultsdeep > lodash.merge More info https://nodesecurity.io/advisories/1067

(partial)

lechen26 commented 4 years ago

same here. any update on this?