I’m working with a public repo I created for the enigma-discovery CLI getting started guide.
Github warned me that there’s a security vulnerability in lodash, which is coming from the jayson@2.1.2 dependency used by enigma-js@0.0.5 . Just wanted to give a heads up in case it’s possible for Enigma to update their version of jayson to solve the issue. I’m not sure if it’s possible for end users depending on enigma-js to override the lodash dependency version themselves.
Thanks @crypto_mentions, we’re well aware of it, and it’s being addressed in https://github.com/enigmampc/enigma-contract/pull/123 which will be merged today into develop. lodash is a dependency of a few other packages, so other items needed to be reviewed as well. We’re also pushing a merge from develop to master this week.