Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability in [email protected] #554

Closed
marcysutton opened this issue Mar 2, 2018 · 3 comments
Closed

Security vulnerability in [email protected] #554

marcysutton opened this issue Mar 2, 2018 · 3 comments

Comments

@marcysutton
Copy link

There is a known security vulnerability in lodash@3x: https://hackerone.com/reports/310443

The severity is low, however grunt-contrib-watch should be updated to the latest lodash version to reduce risk.
@marcysutton marcysutton mentioned this issue Mar 2, 2018
Merged
@gregtyler
Copy link

Looks like this has been fixed on master, just not tagged or deployed to NPM. I've run the tests locally and they all pass so (superficially) it looks ready to go.

@shama Would you be able to take a look at this? (Pinging since I see you did the last tags and recently fixed grunt-legacy-log similarly) Let me know if I can help.

@anastasiagryshchenko
Copy link

came in here to report the same issue. it will make a huge difference if you could find time and deploy current master to npm

@shama
Copy link
Member

shama commented Apr 20, 2018

Sorry for the delay, a new version of [email protected] was published with the lodash dependency updated. Thanks!

@shama shama closed this as completed Apr 20, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@shama @gregtyler @marcysutton @anastasiagryshchenko and others