When running pnpm audit Ican see that there is a vulnerabilty in lodash and lodash is used by shadcn-ui under the hood.
high │ Command Injection in lodash
│ Package │ lodash.template
│ Vulnerable versions │ <=4.5.0
│ Patched versions │ <0.0.0
│ Paths │ . > shadcn-ui@0.8.0 > lodash.template@4.5.0
│ More info │ https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Affected component/components
shadcn-ui
How to reproduce
Install "shadcn-ui": "^0.8.0" using pnpm
Codesandbox/StackBlitz link
No response
Logs
No response
System Info
"shadcn-ui": "^0.8.0",
Before submitting
[X] I've made research efforts and searched the documentation
Describe the bug
When running
pnpm audit
Ican see that there is a vulnerabilty in lodash and lodash is used by shadcn-ui under the hood. high │ Command Injection in lodash│ Package │ lodash.template │ Vulnerable versions │ <=4.5.0 │ Patched versions │ <0.0.0 │ Paths │ . > shadcn-ui@0.8.0 > lodash.template@4.5.0 │ More info │ https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Affected component/components
shadcn-ui
How to reproduce
Install "shadcn-ui": "^0.8.0" using pnpm
Codesandbox/StackBlitz link
No response
Logs
No response
System Info
Before submitting