Cheerio needs to update its lodash package to address the High severity vulnerability found in lodash as per: https://snyk.io/vuln/SNYK-JS-LODASH-450202
Lodash appears to have addressed the problem w/4.17.4 as per: https://github.com/lodash/lodash/issues/4348
👍 Have upgraded other packages to latest lodash patch and it resolves the issue. Would be good to get cheerio updated.
I sat down to offer a PR for this, but it looks like cheerio's master branch already has no non-dev "npm audit" warnings left. Any chance of a release? It's becoming a barrier to adoption unfortunately. Appreciate your time!
Still no release?
Maybe you're getting ready to roll it out. Sorry to be a nag...
Agreed that it's been a long time. Only closing as it has been fixed unfortunately.
Understood. What could we do to help make a release possible?
On Thu, Aug 27, 2020 at 9:47 AM Felix Böhm notifications@github.com wrote:
> Agreed that it's been a long time. Only closing as it has been fixed unfortunately.
--
THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER
APOSTROPHECMS | apostrophecms.com | he/him/his
The biggest issue right now is that both the 1.0 and the master branch have valid changes that move the codebase forward. The changes from master have to be ported to the 1.0 branch. I know this is tedious work, and any help would be greatly appreciated.
I see. Shouldn't be hard to figure out when they diverged from the git logs.
On Thu, Aug 27, 2020 at 9:58 AM Felix Böhm notifications@github.com wrote:
> The biggest issue right now is that both the 1.0 and the master branch have valid changes that move the codebase forward. The changes from master have to be ported to the 1.0 branch. I know this is tedious work, and any help would be greatly appreciated.
I will put this on my "contribute when I'm able" list. We really value this
module at ApostropheCMS!
On Thu, Aug 27, 2020 at 11:18 AM Tom Boutell tom@apostrophecms.com wrote:
> I see. Shouldn't be hard to figure out when they diverged from the git logs.
>
> On Thu, Aug 27, 2020 at 9:58 AM Felix Böhm notifications@github.com wrote:
>> The biggest issue right now is that both the 1.0 and the master branch have valid changes that move the codebase forward. The changes from master have to be ported to the 1.0 branch. I know this is tedious work, and any help would be greatly appreciated.
@fb55 hmm, I'm getting "already up to date" when I try to git merge master into v1.0.0. Doesn't sound like they diverge?
I actually rebased things yesterday and forgot to update this 😄
Thank you so much @boutell for giving this a shot tho!
Hey happy to get credit for doin' nothin' (:
I'm excited, sounds like you're close to a release!
On Fri, Sep 11, 2020 at 4:21 PM Felix Böhm notifications@github.com wrote:
> Thank you so much @boutell for giving this a shot tho!