Critical Vulnerable module - underscore module

[udhayamoorthys]

Critical Arbitrary Code Execution in underscore
Package underscore
Patched in >=1.12.1
Dependency of json-sql

run npm audit

[lbeschastny]

If I remember correctly, only _.template is affected by this vulnerability.

So, json-sql should not be actually affected in any way.

[lbeschastny]

Bumping underscore is still a good idea, though

[santhoshreddytirumuru]

There is a pull request with potential fix for this
#51

[titanism]

FYI - don't want to spam here, but we have just released a fork of this project called json-sql-enhanced at https://github.com/forwardemail/json-sql-enhanced. It is modern and maintained, and we accept issues and pull requests.
Thank you 🙏

(our fork is dependency free)