chore(minify): remediate CVE-2018-3721: update lodash to latest, remove use of deprecated module packages

babel / minify

:scissors: An ES6+ aware minifier based on the Babel toolchain (beta)

https://babeljs.io/repl

MIT License

4.4k stars 225 forks source link

chore(minify): remediate CVE-2018-3721: update lodash to latest, remove use of deprecated module packages #918

Closed Stephanemw closed 6 years ago

Stephanemw commented 6 years ago

What: Updated use of lodash to lodash/somefunc instead of lodash.somefunc:

upgraded lodash deps to ^4.17.11
updated requires from lodash.somefunc to lodash/somefunc
updates snapshots

re-ran bootstrap, build and test

Why: Updated to remediate CVE-2018-3721 - where modularized packages are specifically vulnerable, and as modularized packages are deprecated, no updates have been released in about 2 years.

Stephanemw commented 6 years ago

@boopathi thanks for merging! Would you know when this is expected to be included in a non-alpha release?