cli-table2 icon indicating copy to clipboard operation
cli-table2 copied to clipboard
verified publisher icon jamestalmage

Update dependency lodash

Open icodeforlove opened this issue 7 years ago • 4 comments

Related to the following issue

https://nodesecurity.io/advisories/577

icodeforlove avatar Aug 22 '18 09:08 icodeforlove

Seems like its updated in the repo, but the published version on NPM under 0.2.0 has the following dependencies.

  "dependencies": {
    "colors": "^1.1.2",
    "lodash": "^3.10.1",
    "string-width": "^1.0.1"
  }

Seems like the last NPM version update was in 2016, would make sense to just bump it with the recent updates to 0.2.1.

icodeforlove avatar Aug 22 '18 09:08 icodeforlove

After ~6 months, is there any update on this?

tiberiumihai avatar Jan 06 '19 15:01 tiberiumihai

Added PR here: https://github.com/jamestalmage/cli-table2/pull/54

Can someone take a look on this and publish the new version to npm?

tiberiumihai avatar Jan 06 '19 15:01 tiberiumihai

Until this is merged and published in npm feed, you can use npm shrinkwrap to force install nested dependency of lodash as latest version 4.17.11:

"devDependencies": {
  "@nestjs/cli": {
      "version": "^5.7.1",
      "from": "@nestjs/cli@^5.7.1",
      "dependencies": {
        "cli-table2": {
          "version": "^0.2.0",
          "from": "cli-table2@^0.2.0",
          "dependencies": {
            "lodash": {
              "version": "4.17.11",
              "from": "lodash@^3.10.1"
            }
          }
        }
      }
    },
}

tiberiumihai avatar Jan 06 '19 16:01 tiberiumihai