Sec Alert. set-value. Increase version to 2.0.1 or later. Prototype Pollution

[giancorderoortiz]

The following security alert has been risen by github.

Alert:

1. https://github.com/SAP/cloud-commerce-spartacus-storefront/network/alert/projects/storefrontstyles/yarn.lock/set-value/open

2. https://github.com/SAP/cloud-commerce-spartacus-storefront/network/alert/yarn.lock/set-value/open

3. https://github.com/SAP/cloud-commerce-spartacus-storefront/network/alert/projects/backend/occ-client/yarn.lock/set-value/open

Severity: high-severity

Request: Upgrade set-value to version 2.0.1 or later.

Motive: Vulnerable to Prototype Pollution in versions before 2.0.1 and version 3.0.0 See CVE-2019-10747 https://github.com/advisories/GHSA-4g88-fppr-53pp

Additional comments: If decision is to dismiss, please provide concrete justification for further assessment during peer review.

[tobi-or-not-tobi]

Update to the latest stable version of the sass library is fixing this vulnerability as the set-value dependency is no longer used.

[tobi-or-not-tobi]

QA

• ensure we do not have vulnerability issues on the repo anymore (or at least related to this error).

[giancorderoortiz]

I agree with solution.