Update lodash and remove prototype vulnerabilities #2582
I don't believe this is needed #2574 (comment)
There is nothing to update to since these were separate packages. Since then it looks like it has gone back to a single package you import from. https://www.npmjs.com/package/lodash.assign (2 years old)
Weird this didn't build in Travis
@xzyfer may be related to this https://developer.github.com/changes/2018-04-25-github-services-deprecation/
A build ran 15 minutes ago for a PR that was closed 13 days ago but had lodash in the title.
Yeah, that was me hitting restart, not realizing it was an old PR and not this one
We can't migrate just yet
I think it was just a dodgy webhook. Please try to rebase on master to kick off a new one.
Nothing to rebase against so I amended the commit message.
Travis CI is now running but failing due to lodash dependencies. Please investigate.
Fixes: #2574 by removing prototype vulnerabilities for:
https://ossindex.sonatype.org/component/pkg:npm/lodash.assign
https://ossindex.sonatype.org/component/pkg:npm/lodash.clonedeep
https://ossindex.sonatype.org/component/pkg:npm/lodash.mergewith
All good now, needed a capital on cloneDeep and mergeWith import.
Thanks
Is there any ETA for a release including that change?