Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Snyk recommendations 12 aug #4743

loqus opened this issue Aug 12, 2019 · 0 comments


Copy link

commented Aug 12, 2019


I ran the public git repository through snyk. It came up with several recommendations

Prototype Pollution
Vulnerable module: lodash.merge
Introduced through: v-tooltip@2.0.0-rc.33
Remediation: Upgrade to v-tooltip@2.0.0

Cross-site Scripting (XSS)
Vulnerable module: shave
Introduced through: vue-shave@1.0.3
Remediation: Your dependencies are out of date, otherwise you would be using a newer shave than shave@2.5.2. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.

Prototype Pollution
Vulnerable module: lodash
Introduced through: @pixelandtonic/craftui@0.3.6 and lodash@4.17.11
Remediation: Open PR to patch lodash@4.17.11.

Probable fix(es): run npm update in

Steps to reproduce

  1. Add github repository to

Additional info

  • Craft version: github repo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.