nodemailer-sendgrid-transport icon indicating copy to clipboard operation
nodemailer-sendgrid-transport copied to clipboard

Published 20 hours ago verified publisher icon sendgrid

Lodash Dependency is outdated High Prototype Pollution Vulnerability

Open d0rf47 opened this issue 4 years ago • 2 comments

I am using sengrid in an project and npm audit shows some high vulnerability security issues. With your Lodash dependency. High Prototype Pollution

Package lodash

Patched in >=4.17.11

Dependency of nodemailer-sendgrid-transport

Path nodemailer-sendgrid-transport > sendgrid > lodash

More info https://npmjs.com/advisories/782

High Prototype Pollution

Package lodash

Patched in >=4.17.12

Dependency of nodemailer-sendgrid-transport

Path nodemailer-sendgrid-transport > sendgrid > lodash

Is there a way to manually fix this on my end or do I need to do a pull request as suggested by npm

d0rf47 avatar Apr 30 '20 18:04 d0rf47

also having this issue if anyone's around to bump the dependency?

tubbo avatar Dec 16 '20 20:12 tubbo

any solution? or way around?

Dunsin-cyber avatar Mar 06 '23 08:03 Dunsin-cyber