We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hey there is there any reason for using lodash.topath 4.5.2 despite newer lodash version is included in the spectral-core package?
... "lodash": "~4.17.21", "lodash.topath": "^4.5.2", ...
Blackduck detects that the lodash.topath dependency has some critical security findings because the version is lower than 4.17.21:
https://nvd.nist.gov/vuln/detail/CVE-2018-16487 https://nvd.nist.gov/vuln/detail/CVE-2018-3721 https://nvd.nist.gov/vuln/detail/CVE-2019-10744 https://nvd.nist.gov/vuln/detail/CVE-2019-1010266 https://nvd.nist.gov/vuln/detail/CVE-2020-8203 https://nvd.nist.gov/vuln/detail/CVE-2020-28500 https://nvd.nist.gov/vuln/detail/CVE-2021-23337
Best regards
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hey there is there any reason for using lodash.topath 4.5.2 despite newer lodash version is included in the spectral-core package?
Blackduck detects that the lodash.topath dependency has some critical security findings because the version is lower than 4.17.21:
https://nvd.nist.gov/vuln/detail/CVE-2018-16487
https://nvd.nist.gov/vuln/detail/CVE-2018-3721
https://nvd.nist.gov/vuln/detail/CVE-2019-10744
https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
https://nvd.nist.gov/vuln/detail/CVE-2020-8203
https://nvd.nist.gov/vuln/detail/CVE-2020-28500
https://nvd.nist.gov/vuln/detail/CVE-2021-23337
Best regards
The text was updated successfully, but these errors were encountered: