
Lodash prototype pollution vulnerability

Open vidhyadharmaraj opened this issue 6 years ago • 1 comments

https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/

It seems the last version of grunt-ts requires the following package(s): csproj2ts, in turn using vulnerable lodash version 4.17.4.

Unfortunately, these packages have a dependency on lodash. https://snyk.io/vuln/npm:lodash fixed at version 4.17.12.

I'm just creating the issue to notify this fact and request a dependency update when the related packages are updated.

vidhyadharmaraj avatar Aug 21 '19 08:08 vidhyadharmaraj

Thanks.

nycdotnet avatar Aug 21 '19 12:08 nycdotnet
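
A defender-side check for the situation reported in this issue, as an added example that is not part of the thread or of grunt-ts: it walks a parsed `package-lock.json` and lists every installed lodash copy below 4.17.12. The function names, the sample lockfile and the `0.0.0-sample` version placeholder are constructed for illustration.

```javascript
// Added example, not grunt-ts code. Names and sample data are constructed.
const FIXED = '4.17.12'; // fix version cited in the issue

// Compare plain x.y.z versions; prerelease tags are ignored (assumption).
function isBelow(version, fixed) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Returns [{ path, version }] for each installed lodash older than `fixed`.
// `path` is the install location in the tree, not necessarily the requirer.
function findVulnerableLodash(lock, fixed = FIXED) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/lodash$/.test(key) && meta.version && isBelow(meta.version, fixed)) {
        hits.push({ path: key.split(/\/?node_modules\//).filter(Boolean).join(' > '), version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" objects.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'lodash' && isBelow(meta.version, fixed)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v1 shape); "0.0.0-sample" is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    csproj2ts: { version: '0.0.0-sample', dependencies: { lodash: { version: '4.17.4' } } },
    lodash: { version: '4.17.12' },
  },
};

console.log(findVulnerableLodash(SAMPLE_LOCK));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` instead of `SAMPLE_LOCK`.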