This repository has been archived by the owner on Dec 27, 2023. It is now read-only.
Security | Critical vulnerability in lodash@4.17.19 #650
Labels
dependencies
Pull requests that update a dependency file
Our dependency-check has notified us that the version of
lodash@4.17.19
has a CRITICAL security vulnerability that should no longer be used and instead upgrade to a patched version of lodash.From this report: GHSA-35jh-r3h4-6jhm
npm ls lodash tree (oc-template-react-compiler):
Proposed Solution
Bump the version of lodash to the patched version
4.17.21
.Optionally, can we use a minor semver
^4.17.21
to keep this up to date without a release?The text was updated successfully, but these errors were encountered: