update lodash for security issue#61
Conversation
|
@ryanbillingsley Please review. |
|
+1 |
|
|
||
| 0.3.2 | ||
| * Bump the lodash version due to security concerns | ||
| * Update lodash usage in `src/ipfulter.js` for tests to pass |
There was a problem hiding this comment.
Typo in filename: src/ipfilter.js
| ## Changelog | ||
|
|
||
| 0.3.2 | ||
| * Bump the lodash version due to security concerns |
There was a problem hiding this comment.
Add a link to https://nodesecurity.io/advisories/577
|
@ryanbillingsley Please review this |
|
+1 |
|
This project is abandoned? |
pdefreitas
left a comment
pdefreitas
left a comment
There was a problem hiding this comment.
Just needs the changes @ChaseWagoner suggested.
|
This repo seems to be unmaintained now. Is there a manual on how to fix this ourselves? One of my projects uses express-ipfilter but I'm not able to update the lodash dependency within express-ipfilter and fix the vulnerability. |
|
Never mind my comment above. I was able to fix it. Thanks. |
|
Sorry everyone, I left the company a while back and was no longer a part of the Github Team so I wasn't able to do anything about this. I would like to get this merged but with the suggestions. If @annyhe wants to do that, that would be great, otherwise I will do it as soon as I can this evening. |
7 participants
To fix this issue #60
https://snyk.io/vuln/npm:lodash:20180130