Vulnerabilities reported by npm audit #133
Comments
Hello, vulnerabilities, even low-severity ones, should not be ignored.
👍 +1
👍 We are using this and ran into the same vulnerabilities.
@ethanempe: what about a PR with that suggestion? :)
…e non-recognition of async callbacks in Runner.create function lodash/lodash#2768 and a prototype pollution vulnerability patched in lodash >=4.17.5 apigee-127#133
As this package seems to be abandoned, I created forked versions of swagger-express-mw, swagger-node-runner and bagpipes which fix all but one minor vulnerability (blocked by #137). I don't plan on maintaining them other than possible occasional lib updates. You can use patched libs you need by:
(I always recommend using commit-id locked versions when referring directly to GitHub repositories.)
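The commit-id locking recommended in the comment above can be checked mechanically. This is an added example, not code from the thread or the project: the `example-owner` repositories and the commit id are constructed placeholders, and `parseGitSpec` and `findUnpinnedGitDeps` are hypothetical helper names.

```javascript
// Flags package.json dependencies that point at a Git repository without
// being locked to a full 40-character commit id. Branches and tags can be
// moved by the repository owner, so only a full commit id counts as pinned.
const FULL_SHA = /^[0-9a-f]{40}$/i;

// Classifies an npm dependency spec. Covers git URLs, host shortcuts
// (github:, gitlab:, bitbucket:) and npm's bare "owner/repo" GitHub
// shorthand. Tarball URLs and registry versions are not treated as Git.
function parseGitSpec(spec) {
  const isUrl = /^(git\+(https?|ssh|file):\/\/|git:\/\/|git@)/.test(spec);
  const isShortcut = /^(github|gitlab|bitbucket):/.test(spec);
  // Must not start with "." so local paths like "../lib" are excluded.
  const isBare = /^[\w-][\w.-]*\/[\w.-]+(#.*)?$/.test(spec);
  const hash = spec.indexOf('#');
  const ref = hash === -1 ? '' : spec.slice(hash + 1);
  return { isGit: isUrl || isShortcut || isBare, ref };
}

// Returns one finding per Git dependency whose ref is not a full commit id.
function findUnpinnedGitDeps(pkg) {
  const findings = [];
  const sections = ['dependencies', 'devDependencies', 'optionalDependencies'];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const { isGit, ref } = parseGitSpec(spec);
      if (isGit && !FULL_SHA.test(ref)) {
        findings.push({ section, name, spec, ref: ref || null });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (owner and commit id are placeholders).
const samplePkg = {
  dependencies: {
    'swagger-express-mw':
      'github:example-owner/swagger-express-mw#0123456789abcdef0123456789abcdef01234567',
    'bagpipes': 'example-owner/bagpipes#master',
    'swagger-node-runner':
      'git+https://github.com/example-owner/swagger-node-runner.git',
    'lodash': '^4.17.5',
  },
};

for (const f of findUnpinnedGitDeps(samplePkg)) {
  console.log(`${f.section}: ${f.name} -> ${f.spec} (ref: ${f.ref ?? 'none'})`);
}
```

Run against a real manifest with `findUnpinnedGitDeps(require('./package.json'))`; a non-empty result can fail a CI step.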
npm audit shows for the latest version the following vulnerabilities:
The following dependencies are used: