Command Injection in lodash

Open avipars opened this issue 7 months ago • 1 comments

Transitive dependency lodash.template 4.5.0 is introduced via gulp-header 2.0.9 lodash.template 4.5.0

I see there are 3 pull requests which seem to fix the issue, can one of them be merged?

May 10 '25 18:05 avipars

https://github.com/gulp-community/gulp-header/pull/70 was merged which fixes this, but it has not been released yet

Sep 17 '25 20:09 aaronmaxlevy