Update Lodash to 4.17.21 #143
Comments
|
Any news on this? |
|
Same. $ npm auditlodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
No fix available
node_modules/lodash
oauth2-server <=3.1.1
Depends on vulnerable versions of lodash
node_modules/oauth2-server
express-oauth-server *
Depends on vulnerable versions of oauth2-server
node_modules/express-oauth-server
3 vulnerabilities (2 high, 1 critical)
Some issues need review, and may require choosing
a different dependency. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To avoid critical security issues, lodash need to be updated to 4.17.21 urgently.
https://snyk.io/test/npm/lodash/4.17.20
The text was updated successfully, but these errors were encountered: