SentenTree icon indicating copy to clipboard operation
SentenTree copied to clipboard
verified publisher icon twitter

[Snyk] Upgrade lodash from 4.17.4 to 4.17.21

Open snyk-bot opened this issue 3 years ago • 1 comments

Snyk has created this PR to upgrade lodash from 4.17.4 to 4.17.21.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 14 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2021-02-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-LODASH-73638		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-608086		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-567746		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-450202		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Prototype Pollution
npm:lodash:20180130		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

snyk-bot avatar Jan 15 '23 03:01 snyk-bot

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Jan 15 '23 03:01 CLAassistant