Security vulnerability in lodash.template package
LucasHill opened this issue
Lucas Hill commented
ember-cli is using a lodash function with a known security vulnerability. The vulnerability is not new, but due to how lodash used to publish functions individually as well as the entire 'lodash' package, it seems auto-scanning security systems were not picking up the issue until just recently.
There is already a proposed fix here:
Hopefully we can get this patch into all ember-cli versions with security support (back to 4.12 right now I think).
Thanks!
Lucas Hill commented
@kellyselden what do you think about getting this in?
Chris Manson commented
This is released now, see this comment for more info: #10458 (comment)