-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update lodash to > 4.17.12 #4730
Comments
fix already merged in develop, but not released yet :( #4684 |
Duplicate of #4699 |
The code for this is done in #4709, but this has yet to be released. We'll update this issue and reference the changelog when it's released. You can run But also Cypress is immune to most if not all security vulnerabilities because its locally run software - not a web server hosted in the cloud, so this security issue doesn't even apply and is low priority for us. |
Thanks for the prompt response :) |
Released in |
running npm audit shows a Prototype Pollution vulnerability, please update the lodash library to verions highter than 4.17.12
https://www.npmjs.com/advisories/1065
Current behavior:
Desired behavior:
Steps to reproduce: (app code and test code)
Versions
cypress 3.4.0
cypress 3.4.0
Mac OSX
Chrome
The text was updated successfully, but these errors were encountered: