html-critical-webpack-plugin

lodash vulnerability

Open hassaans opened this issue 5 years ago • 3 comments

npm audit shows "Prototype Pollution" vulnerability.


hassaans, Jan 13 '19 19:01

Thanks @hassaans !

Would you be up for opening a PR to update our dependencies and fix these suggestions?

thescientist13, Jan 15 '19 23:01

I faced the same problem. It probably needs to update critical to 2.0.0. However, critical is in beta and has breaking changes.

joshuaavalon, Jan 29 '19 03:01

The problem is in a deeper dependency package, cheerio. Currently running 0.22.0, and the documentation states they are working on 1.0.0. Hope to see lodash updated there in a hotfix.

rickvandermey, Jan 29 '19 07:01