search

rh / lodash-rails

lodash for the Rails asset pipeline
MIT License
75 stars 10 forks source link

Update lodash to 4.17.14 #9

Closed akhomchenko closed 5 years ago

akhomchenko commented 5 years ago

Description

Vulnerability was discovered in all lodash versions prior to 4.17.12 (more details).

lodash used

I have used both core and full builds from https://lodash.com . sha1's are:

f3cd5f8b695b87a068202d6abfc7490fe6a1a278  lodash.core.js
4255de7ae85dc0da79fc35b3d46c187725ca57c3  lodash.core.min.js
f5d17a118da63d17eeade07e4ebb455f7c7d7237  lodash.js
fa6d2c709c821585c4ffd818a05ff98c6f23b77e  lodash.min.js

How it was tested

I am not a ruby guy and rake --tasks has nothing that looks like tests. Not tested.

rh commented 5 years ago

Thanks! Merged and pushed to rubygems.org.