TypeStrong / grunt-ts

A grunt task to manage your complete typescript development to production workflow
https://www.npmjs.com/package/grunt-ts
MIT License
330 stars 121 forks

Lodash prototype pollution vulnerability #437

Open vidhyadharmaraj opened 5 years ago

vidhyadharmaraj commented 5 years ago

https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/

It seems the last version of grunt-ts requires the following package(s): csproj2ts, in turn using vulnerable lodash version 4.17.4.

Unfortunately, these packages have a dependency on lodash. https://snyk.io/vuln/npm:lodash fixed at version 4.17.12.

I'm just creating the issue to notify this fact and request a dependency update when the related packages are updated.

nycdotnet commented 5 years ago

Thanks.
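
A check for the situation reported in this issue, as an added example that is not part of the thread or of grunt-ts: it walks an npm `package-lock.json` tree (lockfileVersion 1 layout) and lists lodash copies older than 4.17.12, plus the packages that declare lodash in `requires`. The lockfile contents, the placeholder package versions and ranges, and the function names are constructed for illustration.

```javascript
const FIXED = "4.17.12"; // fixed lodash version stated in the issue

// Compare plain x.y.z versions numerically. A string compare would rank
// "4.17.4" above "4.17.12" and miss the vulnerable copy.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the nested "dependencies" maps of a parsed package-lock.json.
function auditLodash(lock, fixed = FIXED) {
  const installed = [];  // old lodash copies and where they sit in node_modules
  const requiredBy = []; // packages that declare lodash in "requires"
  const walk = (deps, path) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = [...path, name];
      if (name === "lodash" && compareVersions(info.version, fixed) < 0) {
        installed.push({ version: info.version, location: here.join(" > ") });
      }
      if (info.requires && info.requires.lodash) {
        requiredBy.push({ name, range: info.requires.lodash });
      }
      walk(info.dependencies, here); // nested (non-hoisted) copies
    }
  };
  walk(lock.dependencies, [lock.name || "(root)"]);
  return { installed, requiredBy };
}

// Constructed sample lockfile; versions "0.0.0-sample" and ranges are placeholders.
const sampleLock = {
  name: "my-app", lockfileVersion: 1,
  dependencies: {
    "grunt-ts": { version: "0.0.0-sample", requires: { csproj2ts: "*" } },
    csproj2ts: { version: "0.0.0-sample", requires: { lodash: "^4.17.4" } },
    lodash: { version: "4.17.4" },
    "other-lib": { version: "0.0.0-sample", requires: { lodash: "^4.17.15" },
      dependencies: { lodash: { version: "4.17.15" } } },
  },
};

console.log(JSON.stringify(auditLodash(sampleLock), null, 2));
```

In a real project, pass the parsed contents of `package-lock.json` to `auditLodash` instead of `sampleLock`.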