Command Injection in lodash package #478
Labels: bug (Something isn't working), good first issue (Good for newcomers), security (Security fix), unapproved (Unapproved for Pull Request)
Describe the bug
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. We need to upgrade to the earliest fixed version, 4.17.21.
Note: easygraphql-tester@5.1.6 requires lodash@4.17.15 via a transitive dependency on @graphql-toolkit/common@0.10.4.
You will need to upgrade other packages to satisfy fixing this bug.
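One way to confirm which installed copies of lodash are still below 4.17.21 and which package pulls each one in. This is an added example, not part of the original issue or the project's code; it assumes an npm lockfile in the v2/v3 `packages` layout, and `sampleLock` is constructed data that mirrors the dependency chain described above.

```javascript
// Added example: the lockfile below is constructed, not the project's real one.
const FIXED = "4.17.21"; // earliest fixed lodash version named in the issue

// Compare plain x.y.z versions numerically (prerelease tags are ignored).
function isBelow(version, floor) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = floor.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== b[i]) return (a[i] || 0) < b[i];
  }
  return false;
}

// Resolve `name` as Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("node_modules/");
    dir = cut <= 0 ? "" : dir.slice(0, cut - 1);
  }
}

// List every installed lodash copy below FIXED and the packages that pull it in.
function findVulnerableLodash(lock) {
  const entries = Object.entries(lock.packages || {});
  const findings = [];
  for (const [path, meta] of entries) {
    if (!path.endsWith("node_modules/lodash") || !isBelow(meta.version, FIXED)) continue;
    const requiredBy = entries
      .filter(([p, m]) => m.dependencies && m.dependencies.lodash &&
        resolve(lock.packages, p, "lodash") === path)
      .map(([p, m]) => `${p.split("node_modules/").pop() || "(root)"}@${m.version} wants lodash ${m.dependencies.lodash}`);
    findings.push({ path, version: meta.version, requiredBy });
  }
  return findings;
}

const sampleLock = { lockfileVersion: 2, packages: {
  "": { version: "1.0.0", dependencies: { lodash: "^4.17.21", "easygraphql-tester": "5.1.6" } },
  "node_modules/lodash": { version: "4.17.21" },
  "node_modules/easygraphql-tester": { version: "5.1.6", dependencies: { "@graphql-toolkit/common": "0.10.4" } },
  "node_modules/@graphql-toolkit/common": { version: "0.10.4", dependencies: { lodash: "4.17.15" } },
  "node_modules/@graphql-toolkit/common/node_modules/lodash": { version: "4.17.15" },
} };

console.log(JSON.stringify(findVulnerableLodash(sampleLock), null, 2));
```

In the sample, upgrading the top-level lodash is not enough: the nested 4.17.15 copy remains until the package that pins it is upgraded as well.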