Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lodash vulnerability #22

Open
justin-lyon opened this issue Jan 3, 2019 · 1 comment
Open

lodash vulnerability #22

justin-lyon opened this issue Jan 3, 2019 · 1 comment

Comments

@justin-lyon
Copy link

rethinkdb-init has a dependency on an old version of lodash that has been flagged by npm audit.
See the advisory here https://www.npmjs.com/advisories/577

my local npm audit:

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   rethinkdb-init

  Path            rethinkdb-init > lodash

  More info       https://nodesecurity.io/advisories/577

found 1 low severity vulnerability in 275 scanned packages
  1 vulnerability requires manual review. See the full report for details.
@eviltik
Copy link

eviltik commented Mar 29, 2019

@thejsj please :)

@netwaf netwaf mentioned this issue May 2, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eviltik @justin-lyon