Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix lodash vulnerability #279

Open
sarthaktexas opened this issue Sep 1, 2020 · 2 comments
Open

fix lodash vulnerability #279

sarthaktexas opened this issue Sep 1, 2020 · 2 comments
Labels
awaiting more info

Comments

@sarthaktexas
Copy link

I'd like to get that vuln fixed but I have no idea where the file it generates it from is located. Can someone guide me as to where the package.json is originally generated from?
@dougwilson
Copy link
Contributor

Can you provide details for how we can reproduce seeing the issue? Then we can help you figure out what to change. Right now there is no reproduction steps for us to see what it is to assist further.

@sarthaktexas
Copy link
Author

when I use express generator to create an app (specifically with the pug view), it creates the app. then, when I push to git, dependabot slides into my dm's saying low vulnerability: add lodash blah blah blah like this: "lodash": ">=4.17.19", so if we put that into the source for express generator, people won't need to do that anymore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting more info
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dougwilson @sarthaktexas