Underscore 1.12.1 being used shows vulnerability https://npmjs.com/advisories/1674
venkatp253 opened this issue · 0 comments
venkatp253 commented
- Please check our current Issues to see if someone already reported this https://github.com/Microsoft/typed-rest-client/issues
- Take a look at our Instructions for logging issues https://github.com/Microsoft/typed-rest-client/blob/master/CONTRIBUTING.md#instructions-for-logging-issues
Environment
Node version: v15.5.1
Npm version: 6.14.11
OS and version: windows 10, 21H1 build 19043.110
typed-rest-client version: 1.8.4 (latest)
Issue Description
Underscore 1.12.1 being used shows vulnerability https://npmjs.com/advisories/1674
Expected behaviour
npm audit should not show this high severity vulnerability
Actual behaviour
npm audit
High Arbitrary Code Execution
Package underscore
Patched in >=1.12.1
Dependency of azure-pipelines-tasks-azure-arm-rest-v2
Path azure-pipelines-tasks-azure-arm-rest-v2 > typed-rest-client
> underscore
More info https://npmjs.com/advisories/1674
Steps to reproduce
- npm audit