GoblinDB icon indicating copy to clipboard operation
GoblinDB copied to clipboard

Published 20 hours ago verified publisher icon GoblinDBRocks

lodash security patch needed

Open UlisesGascon opened this issue 7 years ago • 3 comments
trafficstars

We need to upgrade the dependency to version >=4.17.5, based on this issue

@Sediug I can manage the change if you want in few days...

UlisesGascon avatar Oct 19 '18 16:10 UlisesGascon

I'm on it!

CodingCarlos avatar Nov 06 '18 09:11 CodingCarlos

Well... By checking this out in depth, I've seen that there are more vulnerabilities to solve (some of them classified as critical), so I'm creating a branch to avoid potential risks.

To know more, run npm audit and see the inform.

CodingCarlos avatar Nov 06 '18 10:11 CodingCarlos

Ok, ready PR #74 to merge. Please, somebody to also check out that I'm not breaking things with new dependencies' versions.

CodingCarlos avatar Nov 06 '18 10:11 CodingCarlos