fix(security): force lodash > 4.17.20 - CVE-2020-8203 #1919

petermetz · 2022-03-14T07:08:47Z

TODO: Longer term we should take care to upgrade the top level
dependencies instead (as patched releases become available)

Fixes #1918

Signed-off-by: Peter Somogyvari peter.somogyvari@accenture.com

TODO: Longer term we should take care to upgrade the top level dependencies instead (as patched releases become available) Fixes hyperledger-cacti#1918 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz requested a review from jonathan-m-hamilton as a code owner March 14, 2022 07:08

petermetz requested review from izuru0, jagpreetsinghsasan and takeutak and removed request for jonathan-m-hamilton March 14, 2022 07:08

petermetz added dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities labels Mar 14, 2022

takeutak approved these changes Mar 14, 2022

View reviewed changes

jagpreetsinghsasan approved these changes Mar 14, 2022

View reviewed changes

petermetz force-pushed the petermetz/issue1918 branch 2 times, most recently from 1cfc77a to 00cb626 Compare March 15, 2022 04:21

petermetz removed the request for review from izuru0 March 15, 2022 04:22

petermetz force-pushed the petermetz/issue1918 branch from 00cb626 to 35496e1 Compare March 15, 2022 06:58

fix(security): force lodash > 4.17.20 - CVE-2020-8203

dbb171a

TODO: Longer term we should take care to upgrade the top level dependencies instead (as patched releases become available) Fixes hyperledger-cacti#1918 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>

petermetz force-pushed the petermetz/issue1918 branch from 35496e1 to dbb171a Compare March 15, 2022 15:12

petermetz merged commit 08ace66 into hyperledger-cacti:main Mar 15, 2022

petermetz deleted the petermetz/issue1918 branch March 15, 2022 18:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(security): force lodash > 4.17.20 - CVE-2020-8203 #1919

fix(security): force lodash > 4.17.20 - CVE-2020-8203 #1919

petermetz commented Mar 14, 2022

fix(security): force lodash > 4.17.20 - CVE-2020-8203 #1919

fix(security): force lodash > 4.17.20 - CVE-2020-8203 #1919

Conversation

petermetz commented Mar 14, 2022