Used package (Underscore@1.8.3) in Web Admin contains known vulnerabilities [Medium]

Question

Used package (Underscore@1.8.3) in Web Admin contains known vulnerabilities [Medium]

rwolfdev opened this issue 2 years ago · comments

The web admin package uses a third-party library (underscore@1.8.3) that has a known vulnerability.
Reference: https://security.snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984

Updating this library to a newer version would increase security. The latest version of this package has no known security vulnerabilities at the moment (https://security.snyk.io/package/npm/underscore).

Joel Mitchell · Answer 1 · Mon Nov 07 2022 00:36:31 GMT+0800 (China Standard Time)

The admin panel doesn't use the vulnerable templating feature, and so won't be affected, but I'll see about getting it updated so it doesn't come up in automated security checks.

Joel Mitchell · Answer 2 · Mon Nov 07 2022 01:40:16 GMT+0800 (China Standard Time)

Fixed in 0.11.3