Skip to content

Lodash security audits #2877

Closed
Closed
Lodash security audits#2877
Labels
bug: dependencyA problem in one of Eleventy’s dependenciesnpm-auditSecurity audits from npm
Milestone
Eleventy 2.0.1
@zachleat

Description

@zachleat
zachleat
opened on Mar 21, 2023

Regression from #2697

Upstream at https://github.com/lodash/lodash/issues/5499

https://security.snyk.io/package/npm/lodash.set

I do wonder if that particular vulnerability will also just exist on the upstream library too? It looks like the code hasn’t changed since 2017: https://github.com/lodash/lodash/blame/master/set.js It may be a larger issue with how (and when) lodash issues these single function packages!

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug: dependencyA problem in one of Eleventy’s dependenciesnpm-auditSecurity audits from npm

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions