CWE-1321 Vulnerability in lodash.set in version 4.5.3
howdymatt opened this issue · comments
Matt Baker commented
See https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032.
Please update 4.* branch to use full lodash library, as the module-based libraries are no longer maintained.
Matthew Richardson commented
Thanks for flagging this one up! That's a new release for v5 and v4 made using the 'single' lodash bundle rather than the separate modules.
Code change is minimal and tests are still all passing, but we're not actively using the v4.x branch any more, so please let us know if you encounter any issues with 4.5.4