Current cmake-js version uses vulnerable dependencies (lodash), requires update

Question

diegoperini opened this issue 6 years ago · comments

Result of	`npm audit`
Low	Prototype Pollution
Package	lodash
Patched in	>=4.17.5
Dependency of	llvm-node
Path	llvm-node > cmake-js > lodash
More info	https://nodesecurity.io/advisories/577

Micha Reiser · Answer 1 · Wed Oct 24 2018 17:39:03 GMT+0800 (China Standard Time)

Thanks for reporting this issue. Its fixed with #58. A release follows soon.