Closed shprota closed 1 year ago
The lodash.set package has an open CVE: https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032. The maintainer of Lodash will not release a patched version, and he considers the per-method packages https://github.com/lodash/lodash/issues/3793#issuecomment-389774153.
We should be able to use set-value as a drop-in replacement.
closed by #493
Nikaple
commented
1 year ago Nikaple
commented
1 year ago
I'm submitting a...
Current behavior
The lodash.set package has an open CVE: https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032. The maintainer of Lodash will not release a patched version, and he considers the per-method packages https://github.com/lodash/lodash/issues/3793#issuecomment-389774153.
We should be able to use set-value as a drop-in replacement.