Closed somuda86 closed 3 years ago
I'm have not tested this, but would guess that there are some issues. The 9.0.3
version of the tree still has lodash-es in version 4.17.15
as a dependency. We can update this to 4.17.20
and release it as a new version. Would a new version help or do you need lodash-es do be gone completely?
Because of a fix for the virtual scroll we also updated older versions of the tree. In that update I added also the lodash-es update. So in the new version 9.0.4
there are two new bugfixes for virtual scroll and also the update for lodash-es to version 4.17.20
.
lodash 4.17.20 wont solve the security issue. I request you to upgrade to 4.17.21. @tobiasengelhardt
@tobiasengelhardt I am sorry I should have commented earlier. But 9.0.4 has security issues as lodash 4.17.20 has to CWE issues. I am afraid you may have cut a new release with lodash-es 4.17.21. https://snyk.io/vuln/npm:lodash@4.17.20
There is now version 9.0.5
available with lodash-es 4.17.21
. There will also be a 10.0.4
version with the same update. If there are new lodash issues in the future just open a new issue and we will update lodash again.
I believe and I noticed there was some effort around removing lodash-es and I see it has been removed. Does the latest release compatible with angular 9?