This repository has been archived by the owner on Sep 14, 2022. It is now read-only.

Update lodash to 5.17.11 to resolve node vulnerability audit #579

Open
wants to merge 1 commit into
base: master

joeyjmorales

No description provided.

@WebbizAdmin

Why is this not merged??

@aifrim

aifrim commented Feb 28, 2019

@WebbizAdmin tests fail

@andyedwardsibm

#570 might be relevant. According to that, work is happening to bring the project back to life, so things like the failing Travis and these PRs might get addressed.

Tristramg added a commit to CodeursenLiberte/etherpad-lite that referenced this pull request Apr 16, 2019
@DeeDeeG

DeeDeeG commented Oct 15, 2019

This is a very tiny PR that could help users of this package stay secure.

I use this swagger node package and would appreciate the patch to newer lodash.

Maintainers, if the various audit security errors were patched and a very small maintenance release were pushed, I think existing users would greatly appreciate it. (I know I would!)

(Incidentally, the PR name is slightly off; the major version for lodash is 4.x, rather than 5.x.)

@DeeDeeG

DeeDeeG commented Oct 15, 2019

Actually this PR isn't strictly necessary. On master branch, this package already depends on lodash "^4.17.2".

That means "greater than (or equal to) 4.17.2, but also less than 5.x"

If there were a new release of this package based off of the master branch, it would allow users to get up-to-date lodash, since the latest lodash (4.17.15 at the moment) is still in the 4.x series.

The fix that would be more meaningful would be for there to be a new release of this package.
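
The caret-range rule described in the comment above, as an added example that is not part of the original thread or the project's code: a dependency-free check of which lodash versions `^4.17.2` admits, and whether an audit finding needs a manifest edit or only a fresh install. Function names and the installed version `4.17.4` are constructed for illustration; only plain MAJOR.MINOR.PATCH versions are handled.

```javascript
// Added example: npm caret-range semantics, written out by hand so it runs offline.
// Assumption: plain MAJOR.MINOR.PATCH only (no prerelease tags or build metadata).

function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// ^X.Y.Z allows any change that keeps the left-most non-zero component fixed.
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const low = parse(range.slice(1));
  const [major, minor, patch] = low;
  let high; // exclusive upper bound
  if (major > 0) high = [major + 1, 0, 0];
  else if (minor > 0) high = [0, minor + 1, 0];
  else high = [0, 0, patch + 1];
  return { low, high };
}

function satisfies(version, range) {
  const v = parse(version);
  const { low, high } = caretBounds(range);
  return compare(v, low) >= 0 && compare(v, high) < 0;
}

// What an audit finding requires, given the declared range, the version
// actually installed, and the first patched version.
function remediation(range, installed, patched) {
  if (compare(parse(installed), parse(patched)) >= 0) return 'already-patched';
  // The range can reach a patched version only if one exists below its upper bound.
  const { high } = caretBounds(range);
  return compare(parse(patched), high) < 0 ? 'refresh-install' : 'edit-manifest';
}

// 4.17.4 is a constructed "installed" version; 4.17.11 is the PR's target with the major corrected.
console.log(remediation('^4.17.2', '4.17.4', '4.17.11'));
console.log(satisfies('5.17.11', '^4.17.2')); // the version in the PR title is out of range
```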
