Current cmake-js version uses vulnerable dependencies (lodash), requires update
diegoperini opened this issue · comments
Result of | npm audit |
---|---|
Low | Prototype Pollution |
Package | lodash |
Patched in | >=4.17.5 |
Dependency of | llvm-node |
Path | llvm-node > cmake-js > lodash |
More info | https://nodesecurity.io/advisories/577 |
Thanks for reporting this issue. Its fixed with #58. A release follows soon.