Lodash Dependency is outdated High Prototype Pollution Vulnerability

Question

d0rf47 opened this issue 4 years ago · comments

I am using sengrid in an project and npm audit shows some high vulnerability security issues. With your Lodash dependency.
High Prototype Pollution

Package lodash

Patched in >=4.17.11

Dependency of nodemailer-sendgrid-transport

Path nodemailer-sendgrid-transport > sendgrid > lodash

High Prototype Pollution

Package lodash

Patched in >=4.17.12

Dependency of nodemailer-sendgrid-transport

Path nodemailer-sendgrid-transport > sendgrid > lodash

Is there a way to manually fix this on my end or do I need to do a pull request as suggested by npm

Tom Scott · Answer 1 · Thu Dec 17 2020 04:03:15 GMT+0800 (China Standard Time)

also having this issue if anyone's around to bump the dependency?

Dunsin · Answer 2 · Mon Mar 06 2023 16:59:07 GMT+0800 (China Standard Time)

any solution? or way around?