search

Brightspace / serverless-plugin-for-each

Serverless plugin that adds $forEach syntax to reduce code duplication and allow creating dynamic templates
Apache License 2.0
1 stars 5 forks source link

chore(deps): replace lodash.get and lodash.set by lodash #113

Closed throrin19 closed 7 months ago

throrin19 commented 7 months ago

Replace lodash.get and lodash.set by lodash which hasn't been updated in 8 years.

Actually, lodash.set has a high vulnerability and it must be fixed as soon as possible : 

# npm audit report

lodash.set  *
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
No fix available
node_modules/lodash.set
  serverless-plugin-for-each  *
  Depends on vulnerable versions of lodash.set
  node_modules/serverless-plugin-for-each

2 high severity vulnerabilities

This issue close #112

AntonBazhal commented 7 months ago

Thanks for the contribution!

d2l-github-release-tokens[bot] commented 7 months ago

:tada: This PR is included in version 3.1.2 :tada:

The release is available on:

Your semantic-release bot :package::rocket: