You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Oct 26, 2020. It is now read-only.
Can you please fix this. I try to integrate minimed-connect-to-nightscout into Nightscout and get:
$ npm audit
npm WARN audit Both npm-shrinkwrap.json and package-lock.json exist, using npm-shrinkwrap.json.
=== npm audit security report ===
# Run npm update lodash --depth 2 to resolve 1 vulnerability
High Prototype Pollution
Package lodash
Dependency of minimed-connect-to-nightscout
Path minimed-connect-to-nightscout > lodash
More info https://nodesecurity.io/advisories/1065
Can you upgrade lodash and confirm it works with minimed-connect-to-nightscout and then release a 1.3.1?
The text was updated successfully, but these errors were encountered:
@szymjaw or @mddub: can you fix this so we can release a version of minimed-connect-to-nightscout without known security issues integrated in Nightscout?
Fixed in 59f06ff. I just pushed v1.3.1 to npm. I can't verify that things still work, but I'm assuming so, since only the patch version changed for lodash, and the mocha dependency is only for tests, which still pass.
Can you please fix this. I try to integrate
minimed-connect-to-nightscout
into Nightscout and get:Can you upgrade lodash and confirm it works with minimed-connect-to-nightscout and then release a 1.3.1?
The text was updated successfully, but these errors were encountered: