Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency vulnerability lodash #3177

Closed
ardeshireshghi opened this issue Oct 12, 2018 · 0 comments · Fixed by JetBrains/ring-ui#516, Narshe1412/nuarca-sql#25 or karronoli/redpen#10
Closed

Dependency vulnerability lodash #3177

ardeshireshghi opened this issue Oct 12, 2018 · 0 comments · Fixed by JetBrains/ring-ui#516, Narshe1412/nuarca-sql#25 or karronoli/redpen#10

Comments

@ardeshireshghi
Copy link

  • Karma version (3.0.0):

The lodash library version used has vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2018-3721):

lodash ~> 4.17.4

It is suggested to move to 4.17.5
jniles added a commit to jniles/karma that referenced this issue Nov 6, 2018
@jniles
fix(package): bump lodash version
a9f4714 
Bumps lodash to 4.17.5 avoid medium severity vulnerability
(https://nvd.nist.gov/vuln/detail/CVE-2018-3721) found in 4.17.4.

Closes karma-runner#3177.
@jniles jniles mentioned this issue Nov 6, 2018
Merged
johnjbarton pushed a commit that referenced this issue Nov 7, 2018
@jniles @johnjbarton
fix(package): bump lodash version (#3203)
d38f344 
Bumps lodash to 4.17.5 avoid medium severity vulnerability
(https://nvd.nist.gov/vuln/detail/CVE-2018-3721) found in 4.17.4.

Closes #3177.
@dependencies dependencies bot mentioned this issue Dec 2, 2018
Merged
@snyk-bot snyk-bot mentioned this issue Oct 12, 2019
Merged
@karronoli karronoli mentioned this issue Aug 16, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@ardeshireshghi