chore(apps): Update lodash #4397
Conversation
…ecurity vulnerability
…curity vulnerability
|
@JensAstrup is attempting to deploy a commit to the shadcn-pro Team on Vercel. A member of the Team first needs to authorize it. |
# Conflicts: # apps/www/components/theme-customizer.tsx
|
would be great if this could be merged in |
|
Any idea about what is missing to merge it? |
|
I have no idea who I'm waiting on or what the next step is, unless I'm missing something from |
|
Would also appreciate it if maintainers could take a look. Thank you! |
|
Thanks for the work @JensAstrup.ave you heard back from them through any other channels? I'm guessing not... |
|
No, haven't heard anything yet :/ |
|
Please expedite this PR |
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
@shadcn Way more checks were run after that merge, I assume that has to do with the failing Vercel build? I'll take a look into the others 👀 |
|
The lock file seems out of date @JensAstrup
Can you try
|
|
is there an update or we can jump in to help? |
|
Please fix this asap. |
shadcn
added
the
area: roadmap
|
@shadcn can we help? It should be a simple fix in the CI |
|
Same urgency here. Thank you. |
* chore(apps): Refactor usage of lodash.template to lodash to address security vulnerability * chore(cli): Refactor usage of lodash.template to lodash to address security vulnerability * deps: update lock * chore: changesets * style: fix format * fix: import * chore: build registry --------- Co-authored-by: shadcn <m@shadcn.com>
Background
There is currently a vulnerability in
lodash.templatethat is of high severity which this repository relies on. No update has been made on their end and the project was last updated 5 years ago.Solution
In order to resolve the vulnerability I replaced
lodash.templatewith the current version oflodashand replaced usages ofimport template from "lodash.template"withimport { template } from "lodash"which should achieve the same functionalityCloses #3978