Command Injection on sub-dependency lodash.template via @oclif/plugin-help
mrjackdavis opened this issue
tldr; please update @oclif/plugin-help to 3.2.14 to fix a vulnerability in zapier-platform-cli
lodash.template package has a security vulnerability. See here https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054. The CVE rating is HIGH 7.2.
@oclif/plugin-help version should be updated. I believe 3.2.14 would suffice.
Please consider ^ syntax so that your dependents can update patch versions without updates required to the repo
Fixed in #739.