Lodash in deps has a security issue - need to upgrade lodash version #65
Comments
Thanks for the heads up @deksden!
I can confirm the issue and the upgrade to do.
Thanks @Berkmann18!
I updated some packages due to a security vulnerability raised in [sendgrid#65](sendgrid#65) and as a follow up to the PR [sendgrid#64](sendgrid#64) (where I added a basic issue template and one use case).
I also refactored some of it such that it contains only the necessary files, as well as follows the structure that the other sub-packages follow.

This commit should help with the PRs:
- [NST#67](sendgrid/nodemailer-sendgrid-transport#67)
- [NST#64](sendgrid/nodemailer-sendgrid-transport#64)

And the following issues:
- [NST#65](sendgrid/nodemailer-sendgrid-transport#65)
- [NST#25](sendgrid/nodemailer-sendgrid-transport#25)

The problem I face despite this commit being here is that some sub-packages require the old `sendgrid` package which works differently than this one.
What is missing to complete this? I just completed a Lodash upgrade from 3.x to 4.x, so I can help with that part. I blogged my experience: https://programatealgo.blogspot.com/2019/01/upgrading-lodash-from-3x-to-4x.html
@dario-ramos This issue should normally be resolved.
As there is no update added, can anyone please tell me how I can resolve this error?
@sudhanshugaur4 It is as far as I can tell.
It seems to me this repo is not maintained anymore. Abandoned city yal' boys... A lonely cowboy only passes by this place...
More info: https://snyk.io/vuln/npm:lodash:20180130
How to fix: Upgrade lodash to version 4.17.5 or higher.