-
Notifications
You must be signed in to change notification settings - Fork 441
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix prototype pollution vulnerability. #272
Fix prototype pollution vulnerability. #272
Conversation
Signed-off-by: Ryan McQuen <RyanMcQuen@stockx.com>
Test output:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new lodash version resolves known vulnerabilities. Checks pass.
@mcastany can you take a look at this? |
Hey! Waiting for this change, can we make it happen? CC @mcastany |
Trying some more people from recent commits, seeing Snyk scans fail daily due to this: |
maybe @jfromaniello can you help us here? 👀 |
@gkwang @aarongodin trying some more peeps since failing builds are no fun. |
@ryanpcmcquen Let me get the right people to have this reviewed and merged. |
@gkwang thank you! |
Signed-off-by: Ryan McQuen RyanMcQuen@stockx.com
Description
Closes security vulnerability by adopting main lodash package, outlined here:
#271
References
Testing
This change adds test coverage for new/changed/fixed functionalityNo change in functionality.Checklist
I have added documentation for new/changed functionality in this PR or in auth0.com/docsNo change in functionality.master