Usage of a vulnerable package #4490
Labels
bug
Indicates an unexpected problem or an unintended behavior.
needs-triage
The issue has just been created and it has not been reviewed by the team.
The botbuilder-dialogs v4.19.3 package depends on @microsoft/recognizers-text-number which uses lodash.trimend v4.5.1 that includes this vulnerability:
https://nvd.nist.gov/vuln/detail/cve-2020-28500
The text was updated successfully, but these errors were encountered: