From e53191f9bcc43e8c0d8fba49d004a70d26b2e1e2 Mon Sep 17 00:00:00 2001
From: Anny He
Date: Fri, 25 May 2018 11:36:37 -0700
Subject: [PATCH] update lodash for security issue
---
 README.md | 6 +++++-
 package.json | 4 ++--
 src/ipfilter.js | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 9db1da7..93e46d2 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This package provides easy IP based access control. This can be achieved either
 [![Circle CI](https://circleci.com/gh/baminteractive/express-ipfilter/tree/master.svg?style=svg)](https://circleci.com/gh/baminteractive/express-ipfilter/tree/master)
 ## Version
-0.3.1
+0.3.2
 ## Installation
@@ -156,6 +156,10 @@ This will run `eslint`,`babel`, and `mocha` and output coverage data into `cover
 ## Changelog
+0.3.2
+ * Bump the lodash version due to security concerns
+ * Update lodash usage in `src/ipfulter.js` for tests to pass
+
 0.3.1
 * Fixes critical bug that allowed access when ips is empty and mode == 'allow'.
 * Adds minor speed improvements for middleware.
diff --git a/package.json b/package.json
index ef517a5..356c76c 100644
--- a/package.json
+++ b/package.json
@@ -1,11 +1,11 @@
 {
 "name": "express-ipfilter",
 "description": "A light-weight IP address based filtering system",
- "version": "0.3.1",
+ "version": "0.3.2",
 "author": "BaM Interactive",
 "dependencies": {
 "ip": "~1.1.0",
- "lodash": "~3.10.1",
+ "lodash": "^4.17.10",
 "range_check": "^1.2.0"
 },
 "devDependencies": {
diff --git a/src/ipfilter.js b/src/ipfilter.js
index 06c8172..e953eac 100644
--- a/src/ipfilter.js
+++ b/src/ipfilter.js
@@ -95,7 +95,7 @@ module.exports = function ipfilter(ips, opts) {
 var matchClientIp = function(ip){
 var mode = settings.mode.toLowerCase();
- var result = _.invoke(getIps(),testIp,ip,mode);
+ var result = _.invokeMap(getIps(),testIp,ip,mode);
 if(mode === 'allow'){
 return _.some(result);
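Review bot: `_.invokeMap(getIps(),testIp,ip,mode)` appears to rely on lodash calling `testIp` with `this` bound to each entry returned by `getIps()`, and nothing on the line says so; I would add a comment above it, `// testIp is called once per configured entry, with this bound to that entry`, or make the binding explicit with `_.map(getIps(), function(entry){ return testIp.call(entry, ip, mode); })`. This is the only lodash call the patch touches, while the dependency moves across a major version (`~3.10.1` to `^4.17.10`) in which several collection helpers were renamed or changed signature. The rest of `src/ipfilter.js` is not visible here, so each remaining `_.` call should be checked by hand: in an access-control middleware a helper that now returns a different shape can change the allow/deny result without throwing. `matchClientIp` continues past the end of the hunk.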