You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Jeffrey N. Carré (JIRA)" <ji...@apache.org> on 2018/05/14 23:06:00 UTC
[jira] [Commented] (CB-14088) Node security issue with outdated
dependency: lodash
[ https://issues.apache.org/jira/browse/CB-14088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16475009#comment-16475009 ]
Jeffrey N. Carré commented on CB-14088:
---------------------------------------
here is the lodash ticket for that : https://github.com/FormidableLabs/victory/issues/946
> Node security issue with outdated dependency: lodash
> ----------------------------------------------------
>
> Key: CB-14088
> URL: https://issues.apache.org/jira/browse/CB-14088
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-android
> Affects Versions: cordova-android-7.0.0
> Reporter: ALEKSANDER KLAJDERIC
> Assignee: Joe Bowser
> Priority: Minor
> Labels: patch
>
> === npm audit security report ===
> Manual Review
> Some vulnerabilities require your attention to resolve
> Visit https://go.npm.me/audit-guide for additional guidance
> Low Prototype Pollution
> Package lodash
> Patched in >=4.17.5
> Dependency of cordova-android
> Path cordova-android > cordova-common > plist > xmlbuilder >
> lodash
> More info https://nodesecurity.io/advisories/577
> [!] 1 vulnerability found - Packages audited: 2572 (2027 dev, 304 optional)
> Severity: 1 Low
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org