CVE-2019-10744 #4471

Closed
hahawe opened this issue Nov 24, 2020 · 1 comment

hahawe commented Nov 24, 2020

Lodash has a security vulnerability.
Blockly depends on lodash.
Does CVE-2019-10744 affect Blockly?

@hahawe hahawe added issue: triage Issues awaiting triage by a Blockly team member issue: bug Describes why the code or behaviour is wrong labels Nov 24, 2020
@maribethb
Contributor

As far as I can tell, Blockly does not depend directly on lodash. Further, the libraries that do depend on lodash (e.g. eslint) have already updated to versions after the suggested version in the linked issue. Right now, for example, eslint is using 4.17.19 according to our package-lock.json. So I don't think there is any action to take here (same for the issues I'm about to mark as duplicate).

This was referenced Jan 23, 2021
@maribethb maribethb added type: cleanup and removed issue: triage Issues awaiting triage by a Blockly team member issue: bug Describes why the code or behaviour is wrong labels Jan 23, 2021
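The lockfile check described in the reply above can be scripted; the following is an added example, not code from the thread or from Blockly. It lists every installed copy of a package in a parsed package-lock.json (nested `dependencies` in lockfileVersion 1, flat `packages` in versions 2 and 3) and flags copies older than a fixed version. The function names, the sample lockfile and its package names are constructed, and the 4.17.12 threshold is taken from the public CVE-2019-10744 advisory, not from this page.

```javascript
// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// lockfileVersion 1 nests copies under "dependencies"; versions 2 and 3
// list them flat under "packages", keyed by install path.
function findCopies(lock, name, fixedIn) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, vulnerable: compareVersions(version, fixedIn) < 0 });
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name) && meta.version) record(path, meta.version);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + dep;
      if (dep === name && meta.version) record(path, meta.version);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (hypothetical packages, not Blockly's real file).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: '4.17.19', dev: true },
    'old-tool': {
      version: '1.0.0',
      dependencies: { lodash: { version: '4.17.11' } },
    },
  },
};

// Assumption: 4.17.12 is the fixed release per the public CVE-2019-10744 advisory.
const report = findCopies(sampleLock, 'lodash', '4.17.12');
console.log(report);
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json instead of `sampleLock`. A hoisted top-level copy at a fixed version does not rule out an older copy nested under another dependency, which is why the walk covers every install path.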