Package "underscore" ~1.8.3 Has a Security Vulnerability

Question

guy-microsoft opened this issue 4 years ago · 5 comments

Should be updated to 1.12.1 to resolve it.
https://snyk.io/vuln/npm:underscore

Answer 1 · 2021-04-07T17:22:22.000Z

This would be resolved by #677

Answer 2 · 2021-04-23T00:12:28.000Z

Can someone please publish the updated azure-storage package as well.

We are dependent on the azure-storage package and are getting component governance alert for the same.

Answer 3 · 2021-04-28T08:29:14.000Z

#677 Version update has been merged and it's ready to release.

Wondering if there's a programmed release cadence, or any urgency to release security patches.

Answer 4 · 2021-05-06T17:59:18.000Z

Table Storage is feeling more and more like a dead product. The only lib that supports it hasn't been updated in 2 years :-/

Answer 5 · 2021-08-03T09:52:17.000Z

A new version 2.10.4 has been published with upgrading to underscore 1.12.1, which should be able to fix this issue.

Thanks
Emma