Commit c9b8d66
fix(security): add npm override for lodash >= 4.17.24 to fix HIGH CVEs
Adds lodash >= 4.17.24 override in package.json to resolve two CVEs
(HIGH code injection via _.template, MODERATE prototype pollution via
_.unset/_.omit) in transitive dependencies swagger-ui-react and
@antv/g6. All lodash instances now resolve to 4.18.1. npm audit
reports 0 vulnerabilities.
Co-Authored-By: Paperclip <noreply@paperclip.ing>1 parent b4d03ea commit c9b8d66
2 files changed
Lines changed: 5 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
33 | 33 | | |
34 | 34 | | |
35 | 35 | | |
36 | | - | |
| 36 | + | |
| 37 | + | |
37 | 38 | | |
38 | 39 | | |
39 | 40 | | |
| |||
0 commit comments