chore(package): 'lodash' dependency security vulnerability
benjamin-allion opened this issue · comments
ALLION Benjamin commented
Details
Lodash version < 4.17.13 are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Acceptance Criterias
- Upgrade lodash dependency to patched version 4.17.13
ALLION Benjamin commented