Fix prototype pollution vulnerability.

Signed-off-by: Ryan McQuen <RyanMcQuen@stockx.com>
auth0 · Jan 28, 2022 · 551bf40 · 551bf40
1 parent 354e1f8
commit 551bf40
Show file tree

Hide file tree

Showing 4 changed files with 743 additions and 990 deletions.
diff --git a/README.md b/README.md
@@ -96,7 +96,7 @@ The token can also be attached to the `result` object with the `resultProperty`
 jwt({ secret: publicKey, algorithms: ['RS256'], resultProperty: 'locals.user' });
 ```
 
-Both `resultProperty` and `requestProperty` utilize [lodash.set](https://lodash.com/docs/4.17.2#set) and will accept nested property paths.
+Both `resultProperty` and `requestProperty` utilize [lodash.set](https://lodash.com/docs/4.17.15#set) and will accept nested property paths.
 
 ### Customizing Token Location
 

diff --git a/lib/index.js b/lib/index.js
@@ -2,7 +2,7 @@ var jwt = require('jsonwebtoken');
 var UnauthorizedError = require('./errors/UnauthorizedError');
 var unless = require('express-unless');
 var async = require('async');
-var set = require('lodash.set');
+var set = require('lodash/set');
 
 var DEFAULT_REVOKED_FUNCTION = function(_, __, cb) { return cb(null, false); };