-
Notifications
You must be signed in to change notification settings - Fork 302
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NPM audit reports nw-builder as insecure #500
Comments
@ea2973929 I looked into this. It seems there is a potential for breaking changes as a result of the update. If you could submit a PR it would be great. |
This seems pretty straightforward, as the issue is I would rather have the code ported here, as it will void the issue with duplicate lodash (used here and there) |
@vankasteelj could you submit a PR ? |
Yeah probably, but idk when I'll have the time, monday maybe |
if @adam-lynch is there, adam-lynch/platform-overrides#6 I'll PR a port to nw-builder as well |
- fixes lodash vulnerability issue - closes nwutils#500
- fixes lodash vulnerability issue - closes nwutils#500
Ok, PR done |
See https://david-dm.org/nwjs/nw-builder
The problematic package is
lodash
and there are new versions available that can easily fix this.npm audit
with even low security problems will fail our builds (because npm audit does not distinguish between different levels) so an updated nw-builder would be very welcome.The text was updated successfully, but these errors were encountered: