Skip to content

Fix lodash vulnerability: Prototype Pollution#238

Merged
bajtos merged 1 commit intostrongloop:4.xfrom
jeemok:patch-1
May 10, 2018
Merged

Fix lodash vulnerability: Prototype Pollution#238
bajtos merged 1 commit intostrongloop:4.xfrom
jeemok:patch-1

Conversation

@jeemok
Copy link

@jeemok jeemok commented May 10, 2018

Description

I was using loopback-component-explorer@4.3.0 and having a NSP vulnerability warning (Ref: https://nodesecurity.io/advisories/577)

These are the compatibility-warnings for upgrading lodash from v3 to v4 (https://github.com/lodash/lodash/wiki/Changelog#compatibility-warnings)

@slnode
Copy link

slnode commented May 10, 2018

Can one of the admins verify this patch? To accept patch and trigger a build add comment ".ok\W+to\W+test."

@bajtos bajtos changed the title NSP Vulnerability: Prototype Pollution Fix lodash vulnerability: Prototype Pollution May 10, 2018
bajtos
bajtos approved these changes May 10, 2018
View reviewed changes
Copy link
Member

@bajtos bajtos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the pull request! I have edited the commit message to better describe what is being fixed. Let's wait for CI results before landing.

@bajtos bajtos merged commit f58f8b0 into strongloop:4.x May 10, 2018
@bajtos
Copy link
Member

bajtos commented May 10, 2018

Published in loopback-component-explorer@4.3.1, enjoy 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@bajtos bajtos bajtos approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jeemok @slnode @bajtos