Skip to content

Commit

Permalink
Update underscore version to avoid security vulnerabilities
Browse files Browse the repository at this point in the history 
Our project flagged a Security Vulnerability in the underscore dependency jashkenas/underscore#2915 which is hoisted via spritesheet-templates.

The current package.json uses "underscore": "~1.4.2". The fix for the underscore vulnerability is in versions 1.12.1,1.13.0-2.
  • Loading branch information
elcorn@microsoft.com committed Apr 26, 2021
1 parent fb9a36d commit d261874
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
"handlebars": "^4.6.0",
"handlebars-layouts": "^3.1.4",
"json-content-demux": "~0.1.2",
"underscore": "~1.4.2",
"underscore": "~1.13.1",
"underscore.string": "~3.3.0"
},
"devDependencies": {
Expand Down

0 comments on commit d261874

Please sign in to comment.