Update lodash due to security #14

Merged
merged 1 commit into from
Feb 14, 2019

Alec321
Contributor

@Alec321 Alec321 commented Feb 12, 2019

Prior versions of lodash have been compromised, so you should force users to grab 4.17.11.
All tests seem to still run locally.

@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling c837026 on Alec321:patch-1 into 77e4f18 on request:master.

@CorWatts

Instead of this, could we merge in #7 and update the lodash deps there?

@Alec321
Contributor Author

Alec321 commented Feb 13, 2019

@CorWatts You could; however, it looks like #7 removes the dependency and depends on submodules of lodash. It shouldn't hurt merging this in, then merging in #7.

@analog-nico analog-nico merged commit c61e41f into request:master Feb 14, 2019
@analog-nico
Member

Thanks a lot @Alec321! @CorWatts I will take care of your PR as well.

@analog-nico
Member

I just released request-promise@4.2.3, request-promise-native@1.0.6, and request-promise-any@1.0.6, which include this fix.

@Alec321
Contributor Author

Alec321 commented Feb 15, 2019

Thank you!

@analog-nico
Member

Cheers @Alec321! :)


4 participants