lodash-webpack-plugin icon indicating copy to clipboard operation
lodash-webpack-plugin copied to clipboard

Published 20 hours ago verified publisher icon lodash

Update package.json

Open RamyaPayyavula opened this issue 5 years ago • 2 comments

older version of babel and lodash has injection vulnerability. An attacker can inject malicious code via sourceURL since it is not sanitized for the user-provided code that leads to the eval() function.

RamyaPayyavula avatar Aug 07 '20 16:08 RamyaPayyavula

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

jsf-clabot avatar Aug 07 '20 16:08 jsf-clabot

Hi @RamyaPayyavula!

See #171 😃

falsyvalues avatar Aug 12 '20 08:08 falsyvalues