Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Upgrade to resolve lodash security vulnerability #1645

Closed
awentzel opened this issue May 20, 2021 · 2 comments · Fixed by #1658
Closed

Upgrade to resolve lodash security vulnerability #1645

awentzel opened this issue May 20, 2021 · 2 comments · Fixed by #1658

Comments

@awentzel
Copy link

Please update lodash to use latest and/or at least minor increment to .21 to resolve security vulnerability https://github.com/microsoft/fast/security/dependabot/yarn.lock/lodash/open for details.
@tschmidtb51
Copy link
Contributor

The link isn't working anymore. Please see the Changelog instead.

tschmidtb51 added a commit to tschmidtb51/html-webpack-plugin that referenced this issue Jun 22, 2021
@tschmidtb51
Fix security vulnerabilities
f564abf 
- fix jantimon#1645
- update "lodash" to "^4.17.21"
@tschmidtb51 tschmidtb51 mentioned this issue Jun 22, 2021
Merged
jantimon pushed a commit that referenced this issue Jun 22, 2021
@tschmidtb51 @jantimon
Fix security vulnerabilities
9c7fba0 
- fix #1645
- update "lodash" to "^4.17.21"
@jantimon
Copy link
Owner

Released as 5.3.2

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix security vulnerabilities tschmidtb51/html-webpack-plugin
3 participants
@jantimon @awentzel @tschmidtb51