Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

package depends on vulnerable packages (lodash.template@4.5.0) #45

Closed
hkjeffchan opened this issue May 20, 2024 · 2 comments
Closed

package depends on vulnerable packages (lodash.template@4.5.0) #45

hkjeffchan opened this issue May 20, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@hkjeffchan
Copy link

lodash.template *
Severity: high
Command Injection in lodash - GHSA-35jh-r3h4-6jhm
fix available via npm audit fix
node_modules/lodash.template
gulp-header >=1.8.10
Depends on vulnerable versions of lodash.template
node_modules/gulp-header

2 high severity vulnerabilities

└─┬ @jaredwray/fumanchu@1.3.0
└─┬ helper-md@0.2.2
└─┬ remarkable@1.7.4
└─┬ autolinker@0.28.1
└─┬ gulp-header@1.8.12
└── lodash.template@4.5.0

helper-md stills depends on lodash.template@4.5.0
@hkjeffchan hkjeffchan added the bug Something isn't working label May 20, 2024
@jaredwray
Copy link
Owner

@hkjeffchan - thanks and we will look into this but most likely will need to just remove helper-md as it looks like a dead project.

@jaredwray jaredwray mentioned this issue Jun 17, 2024
Merged
3 tasks
@jaredwray
Copy link
Owner

closing this as moved it to fumanchu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hkjeffchan @jaredwray