Security Vulnerability in ancient lodash
angelol opened this issue · 3 comments
angelol commented
This package uses an ancient version of lodash that has security vulnerability:
https://hackerone.com/reports/380873
Please upgrade to lodash 4.17.11 immediately.
gabegorelick commented
Still an issue. Lodash dev recommends using lodash package directly rather than the sub-packages. See lodash/lodash#4193 (comment).
ceastman-ibm commented
@beaugunderson any update?
beaugunderson commented
fixed in 5.9.1, thank you all for your patience 🙏