[jira] [Commented] (CB-14088) Node security issue with outdated dependency: lodash

JIRA Mon, 14 May 2018 16:06:48 -0700

    [ 
https://issues.apache.org/jira/browse/CB-14088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16475009#comment-16475009
 ]


Jeffrey N. Carré commented on CB-14088:
---------------------------------------

here is the lodash ticket for that : 
https://github.com/FormidableLabs/victory/issues/946

> Node security issue with outdated dependency: lodash
> ----------------------------------------------------
>
>                 Key: CB-14088
>                 URL: https://issues.apache.org/jira/browse/CB-14088
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-android
>    Affects Versions: cordova-android-7.0.0
>            Reporter: ALEKSANDER KLAJDERIC
>            Assignee: Joe Bowser
>            Priority: Minor
>              Labels: patch
>
> === npm audit security report ===
>  Manual Review
>  Some vulnerabilities require your attention to resolve
> Visit https://go.npm.me/audit-guide for additional guidance
>  Low Prototype Pollution
> Package lodash
> Patched in >=4.17.5
> Dependency of cordova-android
> Path cordova-android > cordova-common > plist > xmlbuilder >
>  lodash
> More info https://nodesecurity.io/advisories/577
> [!] 1 vulnerability found - Packages audited: 2572 (2027 dev, 304 optional)
>  Severity: 1 Low



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (CB-14088) Node security issue with outdated dependency: lodash

Reply via email to