Vulnerability in Lodash versions below < 4.17.11 #13

sam-warren-finnair · 2019-02-06T07:06:41Z

https://snyk.io/vuln/SNYK-JS-LODASH-73639

Is it possible to up the lodash version in package.json?

analog-nico · 2019-02-15T00:31:36Z

Thanks for reporting this @sam-warren-finnair ! I just released request-promise@4.2.3, request-promise-native@1.0.6, and request-promise-any@1.0.6 which bump lodash to @4.17.11.

sam-warren-finnair · 2019-02-15T06:58:48Z

Fantastic, thanks so much for this!

analog-nico · 2019-02-15T17:05:00Z

My pleasure buddy. :)

analog-nico added the Bump Patch Bump patch version once released label Feb 14, 2019

analog-nico closed this as completed in c61e41f Feb 14, 2019

bryceg mentioned this issue Mar 8, 2019

Update request-promise dependency for lodash vulnerability taxjar/taxjar-node#22

Closed

quetzaluz mentioned this issue Jul 17, 2019

Potential lodash vulnerability at 4.17.11 #21

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability in Lodash versions below < 4.17.11 #13

Vulnerability in Lodash versions below < 4.17.11 #13

sam-warren-finnair commented Feb 6, 2019

analog-nico commented Feb 15, 2019

sam-warren-finnair commented Feb 15, 2019

analog-nico commented Feb 15, 2019

Vulnerability in Lodash versions below < 4.17.11 #13

Vulnerability in Lodash versions below < 4.17.11 #13

Comments

sam-warren-finnair commented Feb 6, 2019

analog-nico commented Feb 15, 2019

sam-warren-finnair commented Feb 15, 2019

analog-nico commented Feb 15, 2019