voucherify-nodejs-sdk icon indicating copy to clipboard operation
voucherify-nodejs-sdk copied to clipboard

Published 20 hours ago verified publisher icon voucherifyio

Lodash dependency high vulnerability

Open yedlosh opened this issue 3 years ago • 2 comments

Hi, the voucherify SDK depends on

"lodash": "4.17.20"

which has a high severity vulnerability (https://npmjs.com/advisories/1673)

I'd like to ask if the dependency could be updated, and better yet, if the dependencies could be defined using either minor (^) or at least patch (~) version range - as that would prevent this particular issue from arising.

Thank you!

yedlosh avatar May 20 '21 18:05 yedlosh

is there any updates for this?

kevinignas avatar Apr 07 '22 18:04 kevinignas

@kevinignas This repo is no longer actively maintained, we have a new SDK for node.js at https://github.com/voucherifyio/voucherify-js-sdk. Check migration guide.

frakti avatar Apr 07 '22 18:04 frakti