jashkenas / underscore

JavaScript's utility _ belt
https://underscorejs.org
MIT License
27.33k stars 5.53k forks

Black Duck identifies high vulnerability issue with 1.13.0 version #2922

Closed: syed12304 closed 3 years ago

syed12304 commented 3 years ago

Description The package latest underscore version support

jgonggrijp commented 3 years ago

@syed12304 This is a false alarm. We fixed CVE-2021-23358 in version 1.12.1 (see #2917 and the change log). 1.13.0 is the successor of both 1.12.1 and 1.13.0-3. Please contact the maintainers of Black Duck for a solution.

Next time you want to report a security issue, please don't submit an issue ticket but email us. See the security policy. No harm done in this case, though.