[SG-36530] NPM dependency upgrades: Prototype Pollution in lodash
Created by: gitstart-sourcegraph
Descriptions
Dependabot alert here
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.
Checked dependencies: @percy/cli -> @percy/cli-* -> @percy/cli-command -> @oclif/plugin-help -> lodash.template@^4.5.0
Changes: Upgrade @percy/cli version
Refs
Sourcegraph Issue GitStart Issue
Test plan
Make sure all CI checks pass
App preview:
Check out the client app preview documentation to learn more.
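
The prototype pollution path quoted in the description above, as an added example that is not part of this PR and is not lodash's own code. `unsafeDefaultsDeep`, `safeDefaultsDeep` and `demo` are hypothetical names, and the input is constructed from the `{constructor: {prototype: {...}}}` shape the advisory gives; the hardened variant shows the own-property and key checks to look for when reviewing any recursive merge helper.

```javascript
// Added illustration; hypothetical helpers, not lodash's implementation.
// Naive recursive defaults: follows inherited properties while descending.
function unsafeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (src !== null && typeof src === 'object') {
      // target.constructor resolves to Object, then .prototype to Object.prototype
      if (target[key] === undefined) target[key] = {};
      unsafeDefaultsDeep(target[key], src);
    } else if (target[key] === undefined) {
      target[key] = src;
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hardened variant: skips prototype-related keys and only descends into
// properties the target owns itself, never ones found on the prototype chain.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (src !== null && typeof src === 'object') {
      if (!hasOwn(target, key)) target[key] = {};
      const dst = target[key];
      if (dst !== null && typeof dst === 'object') safeDefaultsDeep(dst, src);
    } else if (!hasOwn(target, key)) {
      target[key] = src;
    }
  }
  return target;
}

// Constructed input: one legitimate default plus the shape from the advisory.
function demo(merge) {
  const input = JSON.parse(
    '{"constructor":{"prototype":{"polluted":true}},"theme":{"dark":true}}');
  const merged = merge({ theme: {} }, input);
  const leaked = ({}).polluted === true; // visible on an unrelated object?
  delete Object.prototype.polluted;      // restore global state after the check
  return { leaked, dark: merged.theme.dark };
}

console.log('unsafe:', demo(unsafeDefaultsDeep));
console.log('safe:  ', demo(safeDefaultsDeep));
```
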