zapier / zapier-platform

The SDK for you to build an integration on Zapier

Home Page: https://platform.zapier.com


Command Injection on sub-dependency lodash.template via @oclif/plugin-help

mrjackdavis opened this issue

tldr; please update @oclif/plugin-help to 3.2.14 to fix a vulnerability in zapier-platform-cli


The lodash.template package has a security vulnerability. See here: https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054. The CVE rating is HIGH 7.2.

@oclif/plugin-help version should be updated. I believe 3.2.14 would suffice.

Please consider ^ syntax so that your dependents can update patch versions without updates required to the repo.

Fixed in #739.
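The following is an added example, not code from this issue or from the zapier-platform project: it walks a lockfile's `packages` map, finds installed copies of `@oclif/plugin-help` older than the 3.2.14 the reporter suggests, and shows for each declaring package whether an exact pin or a `^` range would admit that version. The lockfile contents, all version numbers in it, and the `other-cli` package are constructed for illustration.

```javascript
// Constructed sample lockfile ("packages" map, lockfileVersion 2/3 layout).
// All versions and the "other-cli" package are illustrative assumptions.
const sampleLock = { packages: {
  "": { name: "my-app", version: "1.0.0" },
  "node_modules/zapier-platform-cli": {
    version: "1.0.0", dependencies: { "@oclif/plugin-help": "3.2.0" } },   // exact pin
  "node_modules/other-cli": {
    version: "1.0.0", dependencies: { "@oclif/plugin-help": "^3.2.0" } },  // caret range
  "node_modules/@oclif/plugin-help": {
    version: "3.2.0", dependencies: { "lodash.template": "^4.4.0" } },
  "node_modules/lodash.template": { version: "4.5.0" },
} };

const parse = (v) => v.replace(/^\^/, "").split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Does a declared range (exact "1.2.3" or caret "^1.2.3") admit `target`?
function rangeAllows(range, target) {
  if (!range.startsWith("^")) return cmp(range, target) === 0;
  const [b, t] = [parse(range), parse(target)];
  const lead = b.findIndex((n) => n !== 0);   // caret locks up to the leftmost non-zero part
  for (let i = 0; i <= (lead === -1 ? 2 : lead); i++) if (b[i] !== t[i]) return false;
  return cmp(target, range) >= 0;
}

// Report installed copies of `name` older than `fixed`, and for each declaring
// package whether its range would let the fixed version in without a new release.
// Simplification: every package declaring `name` is listed, without npm's nested resolution.
function audit(lock, name, fixed) {
  const entries = Object.entries(lock.packages);
  return entries
    .filter(([p, m]) => p.endsWith("node_modules/" + name) && cmp(m.version, fixed) < 0)
    .map(([path, m]) => ({
      path,
      installed: m.version,
      pullsLodashTemplate: "lodash.template" in (m.dependencies || {}),
      declaredBy: entries
        .filter(([, d]) => d.dependencies && d.dependencies[name])
        .map(([p, d]) => ({ dependent: p || "(root)", range: d.dependencies[name],
                            allowsFix: rangeAllows(d.dependencies[name], fixed) })),
    }));
}

console.log(JSON.stringify(audit(sampleLock, "@oclif/plugin-help", "3.2.14"), null, 2));
```

A dependent with `allowsFix: false` has to publish a new release before its consumers can pick up the patched version, which is the situation the caret request in the issue is meant to avoid.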