Closed pavanjava closed 2 years ago
Note that set-value@4 changes the behavior when the set value is undefined
. In set-value@3, it sets a property with value undefined
. In set-value@4 it deletes the property.
@jonschlinkert We have a PR updating the version of set-value. PR: https://github.com/jonschlinkert/cache-base/pull/23
Any news on this one?
We have a set-value
vulnerability 12 levels deep into the dependencies, and this is the culprit.
@jonschlinkert isn't set-value
your own package ?
CVE-2021-23440: the cache-base library internally uses set-value, and set value version below 4.0.1 are vulnarable. is there any plan to fix this issue and release a new version.