Ben Neoh [SSW]

Results 49 comments of Ben Neoh [SSW]

As per my investigation, here is the number of vulnerable packages:

![Image](https://github.com/user-attachments/assets/0bb3e288-2fa3-44ee-9659-87f3e60dbdf2)

lodash.set is used in the tinacms package, where it is no longer maintained as per this [article](https://security.snyk.io/package/npm/lodash.set/4.3.2); replacing it with lodash

### **Progress update**

Vulnerabilities down from 24 -> 1

![Image](https://github.com/user-attachments/assets/09e6e094-bf3e-4ed7-95f2-cd830663bc31)
**Figure: current vulnerable packages**

**Left over vulnerable packages:** Plate - which will be removed after plate package upgrade PBI is...

As per the Tina team daily meeting on 26/8/2024, we are reopening this issue due to the reappearance of a vulnerability. This might be a result of the numerous version...

![Image](https://github.com/user-attachments/assets/faddd33f-e3a6-4516-993b-07e1821a726e)
**Figure: Current vulnerability packages**

Packages involved
- micromatch
- lodash.set
- axios
- semver
- ws

**Progress update**

vulnerable down from 5 -> 3

Leftover vulnerable packages
- lodash.set - used in graphql packages, need further investigation for current set method usage in the package (we...

### Progress update

Vulnerable packages down to **2**, blocked waiting for peer dependency to be solved from [changeset packages](https://github.com/changesets/changesets/issues/1448)

#### ⚠️Blocked - Leftover vulnerable packages

Packages **lodash.set** - Our team...

Check if you have a yarn.lock (or package.json) file higher up in the file tree from the project on your local machine; try removing them if there are any and redo...

Update:
✅ All test cases and build passed
❌ The PR does not fix the bug (More spike needed)

Task:
- [x] Repo issue before fix
- [x] Clone branch...