Prototype Pollution and Command Injection in lodash as High Risk
cherrelleM1 opened this issue ยท 1 comments
cherrelleM1 commented
Current behaviour ๐ฃ
The Github Dependabot alerts cannot update lodash package.
GHSA-p6mc-m468-83gw
Expected behaviour โ๏ธ
The Github Dependabot alerts should be able to update.
Reproduction Example ๐พ
On github, go to security tab.
Environment ๐ฅ
Node.js v16.13.2
win32 10.0.18363
8.3.2
"html-webpack-plugin": "^5.5.0",
alexander-akait commented
Fixed on lodash side, please update your deps, sorry for a logn answer