Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2nd source of lodash 4.17.14 vulnerability #128

Open
fchenTelus opened this issue Aug 8, 2020 · 0 comments
Open

2nd source of lodash 4.17.14 vulnerability #128

fchenTelus opened this issue Aug 8, 2020 · 0 comments
Labels
maintenance dependency updates, etc.

Comments

@fchenTelus
Copy link

fchenTelus commented Aug 8, 2020
edited

The problem is at:
cz-conventional-changelog -> @commitlint/load@>6.1.1 -> lodash@4.17.14
Theoretically the > operator you folks have put onto @commitlint/load should fetch the newest version of @commitlint/load (that would in turn use a newer lodash), but it's not happening for me. It will only install up to @commitlint/load@8.1.0 rather than @commitlint/load@9.1.2 which would fix my problem. And running npm update @commitlint/load --depth 10 doesn't solve it either.

Could @commitlint/load be set to a newer version in your package.json dependencies?
Thanks!
@dmwelch dmwelch added the maintenance dependency updates, etc. label Sep 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
maintenance dependency updates, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dmwelch @fchenTelus