oc-template-react icon indicating copy to clipboard operation
oc-template-react copied to clipboard
verified publisher icon opencomponents

Security - Bumps lodash@^4.17.21 for critical security patch

Open sforsberg opened this issue 4 years ago • 1 comments

Bumps lodash@^4.17.21 to patch a critical security vulnerability in the current hoisted version 4.17.19.

NOTE: Uses a minor semver to allow lodash to be easily bumped for future minor and patch versions. If this is preferred not to be used, I can revert this to a fixed version.

Resolves: #650

sforsberg avatar Oct 14 '21 13:10 sforsberg

I may actually bump a few other dependencies in particular, most oc-* deps can likely be updated to use a minor semver ~and async is still pulling in [email protected].~ (Disregard async, [email protected] resolves the lodash vulnerability.)

Any objections to do that?

sforsberg avatar Oct 14 '21 13:10 sforsberg