Hi,
I just installed your package and saw 5 low security vulnerabilities due to lodash version.
>npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > switchback > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > waterline-schema > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > waterline-criteria > lodash
More info https://nodesecurity.io/advisories/577
found 5 low severity vulnerabilities in 563 scanned packages
Even though they are low risk, I want to use your package in a productive environment. Would you mind upgrading your packages to use lodash >= 4.17.5?
If I find time, I can do the upgrade as well, if you like.