update lodash for security issue #61
Conversation
|
@ryanbillingsley Please review. |
|
+1 |
| @@ -156,6 +156,10 @@ This will run `eslint`,`babel`, and `mocha` and output coverage data into `cover | |||
|
|
|||
| ## Changelog | |||
|
|
|||
| 0.3.2 | |||
| * Bump the lodash version due to security concerns | |||
| * Update lodash usage in `src/ipfulter.js` for tests to pass | |||
There was a problem hiding this comment.
Typo in filename: src/ipfilter.js
| @@ -156,6 +156,10 @@ This will run `eslint`,`babel`, and `mocha` and output coverage data into `cover | |||
|
|
|||
| ## Changelog | |||
|
|
|||
| 0.3.2 | |||
| * Bump the lodash version due to security concerns | |||
There was a problem hiding this comment.
Add a link to https://nodesecurity.io/advisories/577
|
@ryanbillingsley Please review this |
|
+1 |
|
This project is abandoned? |
|
This repo seems to be unmaintained now. Is there a manual on how to fix this ourselves? One of my projects uses express-ipfilter but I'm not able to update the lodash dependency within express-ipfilter and fix the vulnerability. |
|
Never mind my comment above. I was able to fix it. Thanks. |
|
Sorry everyone, I left the company a while back and was no longer a part of the Github Team so I wasn't able to do anything about this. I would like to get this merged but with the suggestions. If @annyhe wants to do that, that would be great, otherwise I will do it as soon as I can this evening. |
To fix this issue #60
https://snyk.io/vuln/npm:lodash:20180130