Hi,
A recent `npm audit` produced the following:

```
lodash  <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/babel-plugin-proto-to-assign/node_modules/lodash
node_modules/ember-data-hal-9000/node_modules/lodash
  babel-core  <=6.9.1
  Depends on vulnerable versions of babel-plugin-proto-to-assign
  Depends on vulnerable versions of lodash
  Depends on vulnerable versions of minimatch
  node_modules/ember-data-hal-9000/node_modules/babel-core
    broccoli-babel-transpiler  <=5.7.4
    Depends on vulnerable versions of babel-core
    node_modules/ember-data-hal-9000/node_modules/broccoli-babel-transpiler
      ember-cli-babel  <=5.2.8
      Depends on vulnerable versions of broccoli-babel-transpiler
      node_modules/ember-data-hal-9000/node_modules/ember-cli-babel
        ember-data-hal-9000  >=0.1.7
        Depends on vulnerable versions of ember-cli-babel
        node_modules/ember-data-hal-9000
  babel-plugin-proto-to-assign  *
  Depends on vulnerable versions of lodash
  node_modules/babel-plugin-proto-to-assign
```
Looks like ember-data-hal-9000 depends on an old version of ember-cli-babel that has vulnerabilities.
Please could the maintainers have a look? I notice that this addon is still getting downloads (150+ in the last month), so likely there are a lot of people using it.
Thanks