The @openapitools/openapi-generator-cli package (version 2.28.0) depends on inquirer: 8.2.7, which has a transitive dependency on lodash: ^4.17.21.
This version of lodash has known security vulnerabilities that require lodash 4.17.23 or later.
Suggested fix: Update to inquirer version 9.x or later, which has removed the lodash dependency entirely. This would eliminate the security issue and reduce the package's dependency footprint.
As a temporary workaround, we're using npm overrides to force lodash to 4.17.23+, but a proper fix would be preferred.
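One way to confirm the override actually took effect, as an added example (not code from the issue or from the project): it scans a lockfile's `packages` map for lodash copies below 4.17.23, including nested ones. The lockfile excerpts are constructed samples, the function names are hypothetical, and the version comparison assumes plain `major.minor.patch` strings.

```javascript
// Added example: audit a package-lock.json `packages` map (lockfileVersion 2/3)
// for copies of a package below a required floor version.
// The workaround in package.json would look like: "overrides": { "lodash": "^4.17.23" }

// Constructed lockfile excerpts: before and after reinstalling with the override.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/inquirer": { version: "8.2.7" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/inquirer/node_modules/lodash": { version: "4.17.21" },
    "node_modules/lodash-es": { version: "4.17.21" }, // different package, ignored
  },
};
const lockAfter = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/inquirer": { version: "8.2.7" },
    "node_modules/lodash": { version: "4.17.23" },
  },
};

// Parse "major.minor.patch"; pre-release and build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` is strictly lower than `floor`.
function isBelow(version, floor) {
  const a = parseVersion(version);
  const b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return every installed copy of `name` (hoisted or nested) older than `floor`.
function findOutdated(lock, name, floor) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => (path === suffix || path.endsWith(`/${suffix}`)) && meta.version)
    .filter(([, meta]) => isBelow(meta.version, floor))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

console.log(findOutdated(lockBefore, "lodash", "4.17.23"));
```

An empty result for the real lockfile means every resolved lodash copy meets the floor; any entry returned is a path the override did not reach.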