lighthouse-3.2.1.tgz: 15 vulnerabilities (highest severity is: 9.8) #31

Open
mend-for-github-com bot opened this issue Mar 7, 2024 · 0 comments

@mend-for-github-com

Vulnerable Library - lighthouse-3.2.1.tgz

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (lighthouse version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-44906 | Critical | 9.8 | minimist-0.0.8.tgz | Transitive | 6.0.0 | |
| CVE-2020-7774 | Critical | 9.8 | y18n-3.2.1.tgz | Transitive | 4.0.0 | |
| CVE-2019-10744 | Critical | 9.1 | lodash-4.17.11.tgz | Transitive | 4.0.0 | |
| CVE-2022-25851 | High | 7.5 | jpeg-js-0.1.2.tgz | Transitive | 6.2.0 | |
| CVE-2021-3807 | High | 7.5 | ansi-regex-3.0.0.tgz | Transitive | 4.0.0 | |
| CVE-2020-8203 | High | 7.4 | lodash-4.17.11.tgz | Transitive | 4.0.0 | |
| CVE-2020-8116 | High | 7.3 | dot-prop-4.2.0.tgz | Transitive | 4.0.0 | |
| CVE-2021-23337 | High | 7.2 | lodash-4.17.11.tgz | Transitive | 4.0.0 | |
| CVE-2022-4187 | Medium | 6.5 | detected in multiple dependencies | Transitive | 4.0.0 | |
| CVE-2021-21137 | Medium | 6.5 | detected in multiple dependencies | Transitive | 4.0.0 | |
| CVE-2020-7598 | Medium | 5.6 | minimist-0.0.8.tgz | Transitive | 6.0.0 | |
| CVE-2020-8175 | Medium | 5.5 | jpeg-js-0.1.2.tgz | Transitive | 6.2.0 | |
| CVE-2022-33987 | Medium | 5.3 | got-6.7.1.tgz | Transitive | 9.3.0 | |
| CVE-2020-7608 | Medium | 5.3 | yargs-parser-7.0.0.tgz | Transitive | 6.0.0 | |
| CVE-2020-28500 | Medium | 5.3 | lodash-4.17.11.tgz | Transitive | 4.0.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-44906

Vulnerable Library - minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • mkdirp-0.5.1.tgz
      • minimist-0.0.8.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-xvch-5gv4-984h

Release Date: 2022-03-17

Fix Resolution (minimist): 0.2.4

Direct dependency fix Resolution (lighthouse): 6.0.0

CVE-2020-7774

Vulnerable Library - y18n-3.2.1.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • yargs-3.32.0.tgz
      • y18n-3.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1654

Release Date: 2020-11-17

Fix Resolution (y18n): 3.2.2

Direct dependency fix Resolution (lighthouse): 4.0.0

CVE-2019-10744

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • inquirer-3.3.0.tgz
      • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Publish Date: 2019-07-26

URL: CVE-2019-10744

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jf85-cpcp-j695

Release Date: 2019-07-26

Fix Resolution (lodash): 4.17.12

Direct dependency fix Resolution (lighthouse): 4.0.0

CVE-2022-25851

Vulnerable Library - jpeg-js-0.1.2.tgz

A pure javascript JPEG encoder and decoder

Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.1.2.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • jpeg-js-0.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS): a particular piece of input causes the decoder to enter an infinite loop and never return.

Publish Date: 2022-06-10

URL: CVE-2022-25851

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-06-10

Fix Resolution (jpeg-js): 0.4.4

Direct dependency fix Resolution (lighthouse): 6.2.0

CVE-2021-3807

Vulnerable Library - ansi-regex-3.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • inquirer-3.3.0.tgz
      • strip-ansi-4.0.0.tgz
        • ansi-regex-3.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity (ReDoS).

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution (ansi-regex): 3.0.1

Direct dependency fix Resolution (lighthouse): 4.0.0

CVE-2020-8203

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • inquirer-3.3.0.tgz
      • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1523

Release Date: 2020-07-15

Fix Resolution (lodash): 4.17.19

Direct dependency fix Resolution (lighthouse): 4.0.0

CVE-2020-8116

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • configstore-3.1.2.tgz
      • dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution (dot-prop): 4.2.1

Direct dependency fix Resolution (lighthouse): 4.0.0

CVE-2021-23337

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • inquirer-3.3.0.tgz
      • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-35jh-r3h4-6jhm

Release Date: 2021-02-15

Fix Resolution (lodash): 4.17.21

Direct dependency fix Resolution (lighthouse): 4.0.0

CVE-2022-4187

Vulnerable Libraries - chrome-devtools-frontend-1.0.401423.tgz, chrome-devtools-frontend-1.0.593291.tgz

chrome-devtools-frontend-1.0.401423.tgz

Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.401423.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • devtools-timeline-model-1.1.6.tgz
      • chrome-devtools-frontend-1.0.401423.tgz (Vulnerable Library)

chrome-devtools-frontend-1.0.593291.tgz

Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.593291.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • chrome-devtools-frontend-1.0.593291.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Publish Date: 2022-11-30

URL: CVE-2022-4187

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/chrome-devtools-frontend?activeTab=versions

Release Date: 2022-11-30

Fix Resolution (chrome-devtools-frontend): 1.0.1070764

Direct dependency fix Resolution (lighthouse): 4.0.0


CVE-2021-21137

Vulnerable Libraries - chrome-devtools-frontend-1.0.401423.tgz, chrome-devtools-frontend-1.0.593291.tgz

chrome-devtools-frontend-1.0.401423.tgz

Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.401423.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • devtools-timeline-model-1.1.6.tgz
      • chrome-devtools-frontend-1.0.401423.tgz (Vulnerable Library)

chrome-devtools-frontend-1.0.593291.tgz

Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.593291.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • chrome-devtools-frontend-1.0.593291.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Publish Date: 2021-02-09

URL: CVE-2021-21137

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21137

Release Date: 2021-02-09

Fix Resolution (chrome-devtools-frontend): 1.0.820688

Direct dependency fix Resolution (lighthouse): 4.0.0


CVE-2020-7598

Vulnerable Library - minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • mkdirp-0.5.1.tgz
      • minimist-0.0.8.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-03-11

Fix Resolution (minimist): 0.2.1

Direct dependency fix Resolution (lighthouse): 6.0.0

CVE-2020-8175

Vulnerable Library - jpeg-js-0.1.2.tgz

A pure javascript JPEG encoder and decoder

Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.1.2.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • jpeg-js-0.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.

Publish Date: 2020-07-24

URL: CVE-2020-8175

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8175

Release Date: 2020-07-27

Fix Resolution (jpeg-js): 0.4.0

Direct dependency fix Resolution (lighthouse): 6.2.0

CVE-2022-33987

Vulnerable Library - got-6.7.1.tgz

Simplified HTTP requests

Library home page: https://registry.npmjs.org/got/-/got-6.7.1.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • update-notifier-2.2.0.tgz
      • latest-version-3.1.0.tgz
        • package-json-4.0.1.tgz
          • got-6.7.1.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

Publish Date: 2022-06-18

URL: CVE-2022-33987

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987

Release Date: 2022-06-18

Fix Resolution (got): 11.8.6

Direct dependency fix Resolution (lighthouse): 9.3.0

CVE-2020-7608

Vulnerable Library - yargs-parser-7.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-7.0.0.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • yargs-parser-7.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-03-16

Fix Resolution (yargs-parser): 13.1.2

Direct dependency fix Resolution (lighthouse): 6.0.0

CVE-2020-28500

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Dependency Hierarchy:

  • lighthouse-3.2.1.tgz (Root Library)
    • inquirer-3.3.0.tgz
      • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f

Found in base branch: main

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

Release Date: 2021-02-15

Fix Resolution (lodash): 4.17.21

Direct dependency fix Resolution (lighthouse): 4.0.0
