search

stoplightio / json-ref-resolver

[Deprecated] Recursively resolve JSON pointers and remote authorities.
https://github.com/APIDevTools/json-schema-ref-parser
Apache License 2.0
37 stars 9 forks source link

fix: use lodash dep instead of lodash.set #215

Closed rmkeezer closed 2 years ago

rmkeezer commented 2 years ago

set from lodash should be used instead of lodash.set because it is outdated and has an unfixed prototype pollution vulnerability: https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032

stoplight-bot commented 2 years ago

:tada: This PR is included in version 3.1.4 :tada:

The release is available on:

Your semantic-release bot :package::rocket: