Open
Description
While running npm audit I got vulnerabilities from express-brute through underscore. I saw some discussion here about changing underscore for 2.0, so I guess this issue won't be open for long. Maybe updating underscore from 1.8.3 to 1.12.0 for express-brute 1.0.2 may do the trick, but I didn't take the time to be sure.
# npm audit report
express-brute *
Severity: high
Rate Limiting Bypass in express-brute - https://github.com/advisories/GHSA-984p-xq9m-4rjw
Depends on vulnerable versions of underscore
No fix available
node_modules/express-brute
underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
No fix available
node_modules/express-brute/node_modules/underscore
express-brute *
Depends on vulnerable versions of underscore
node_modules/express-brute
2 high severity vulnerabilities