Node Security Issue with lodash: 577 - Prototype Pollution

Question

johncblandii opened this issue 6 years ago · comments

We need a lodash update. It'd be a good time to release to resolve #301 as well.

Auke Tembrink · Answer 1 · Sat Jul 28 2018 02:53:46 GMT+0800 (China Standard Time)

I can approve this. +1

Maximilian Berkmann · Answer 2 · Wed Jun 05 2019 22:29:16 GMT+0800 (China Standard Time)

It still seems to be a problem on 1.12.0 according to Snyk (https://app.snyk.io/test/npm/vorpal/1.12.0).

John C. Bland II · Answer 3 · Fri Jun 07 2019 13:05:12 GMT+0800 (China Standard Time)

I'm pretty sure this project is dead, @Berkmann18.

Maximilian Berkmann · Answer 4 · Fri Jun 07 2019 17:14:49 GMT+0800 (China Standard Time)

Jordan Ellis Coppard · Answer 5 · Wed Oct 09 2019 16:57:01 GMT+0800 (China Standard Time)

Why has this not been merged, rather unacceptable that a high security vulnerability has been here for over a year

Brandon Slinkard · Answer 6 · Wed Oct 09 2019 19:07:48 GMT+0800 (China Standard Time)

@tsujp Because the project is dead and the old vorpal admins haven’t put anyone else in charge.

Jordan Ellis Coppard · Answer 7 · Wed Oct 09 2019 19:35:20 GMT+0800 (China Standard Time)

David Nussio · Answer 8 · Fri Oct 25 2019 23:07:23 GMT+0800 (China Standard Time)

I'm starting using this fork: npm i @moleculer/vorpal