Dependency lodash.set has Prototype Pollution vulnerability #303
Comments
We use lodash.set in several places in the code. Do you have any suggested alternatives by chance?
I just learned about https://www.npmjs.com/package/wild-wild-path, perhaps this has too much functionality.
Hi. I opened a pull request for this matter. Please consider checking it out. It's a simple change.
Hello, I also opened a pull request for this issue. #315. It would be great if you could have a look.
Thanks for solving this @StefOodle. Could we get a version with the fix published onto npm please @danpaz?
Yes just published as 2.5.1. This reminded me publishing from Travis CI is still broken #297 😞
https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032
I advise replacing that dependency.