• Resolved mattmcneil

    (@mattmcneil)


    Hello,

    Our team uses the Members plugin within our WordPress application and recently started using SonarQube to scan our app, highlighting some vulnerable dependencies within our plugins. One that is coming up frequently is the Lodash libraries within different parts of the Members plugin. Older versions of this library have some Critical-level vulnerabilities (https://snyk.io/vuln/npm:lodash).

    Just wanted to check if there is a plan in place to replace/update these vulnerable libraries / if any expected ETA exists.

    Thanks very much!

Viewing 1 replies (of 1 total)
  • Plugin Author Caseproof

    (@caseproof)

    Hi @mattmcneil

    I apologize for the delay in response.

    Thank you for bringing this to our attention. We appreciate it. I’ll pass this to our developers for their review.

    Kind regards

  • The topic ‘Lodash NPM Vulnerable Dependency Updates’ is closed to new replies.