Upgrade lodash to fix a security issue - Githubissues

dlmanning / gulp-sass

SASS plugin for gulp

MIT License

1.56k stars 381 forks source link

Upgrade lodash to fix a security issue #776

Closed ghost closed 3 years ago

ghost commented 3 years ago

Synk analysis flags lodash as having a security issue around prototype pollution. This upgrades to the first version that fixes this issue.

Resolves: https://github.com/dlmanning/gulp-sass/issues/775 Relates to: https://app.snyk.io/vuln/SNYK-JS-LODASH-567746 Relates to: https://app.snyk.io/vuln/SNYK-JS-LODASH-590103 Relates to: https://app.snyk.io/vuln/SNYK-JS-LODASH-608086 Relates to: https://app.snyk.io/vuln/SNYK-JS-LODASH-450202 Relates to: https://app.snyk.io/vuln/SNYK-JS-LODASH-73638 Relates to: https://app.snyk.io/vuln/SNYK-JS-LODASH-73639

mxmason commented 3 years ago

The issue related to this will be solved in #802 by 0ccfa8b

xzyfer commented 3 years ago

Released in 4.1.1 so it's available without adopting a major version bump.