npm audit reporting vulnerable version of lodash #258
Description
It looks like blue-button is depending on lodash version ^3.10.0. Could the dependency be updated to a more recent version of lodash?
Running "npm audit" report a vulnerability with this version:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Prototype Pollution
Package lodash
Patched in >=4.17.11
Dependency of blue-button
Path blue-button > blue-button-model > lodash
More info https://npmjs.com/advisories/782
Moderate Prototype Pollution
Package lodash
Patched in >=4.17.11
Dependency of blue-button
Path blue-button > blue-button-xml > lodash
More info https://npmjs.com/advisories/782
Moderate Prototype Pollution
Package lodash
Patched in >=4.17.11
Dependency of blue-button
Path blue-button > lodash
More info https://npmjs.com/advisories/782
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of blue-button
Path blue-button > blue-button-model > lodash
More info https://npmjs.com/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of blue-button
Path blue-button > blue-button-xml > lodash
More info https://npmjs.com/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of blue-button
Path blue-button > lodash
More info https://npmjs.com/advisories/577
found 6 vulnerabilities (3 low, 3 moderate)