[SG-36530] NPM dependency upgrades: Prototype Pollution in lodash

Warren Gifford requested to merge contractors/SG-36530 into main

Created by: gitstart-sourcegraph

Description

Dependabot alert here

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Checked dependencies: @percy/cli -> @percy/cli-* -> @percy/cli-command -> @oclif/plugin-help -> lodash.template@^4.5.0

Changes: Upgrade @percy/cli version

Refs

Sourcegraph Issue
GitStart Issue

Test plan

Make sure all CI checks passed

App preview:

Check out the client app preview documentation to learn more.
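The defaultsDeep behaviour the alert describes, as an added example that is not code from this merge request or from lodash: a deep-defaults merge that refuses to follow `__proto__`, `constructor` and `prototype` keys, run against a constructed payload of the shape the alert quotes, followed by a check that Object.prototype stayed clean. `safeDefaultsDeep`, `prototypeIsPolluted` and the payload values are assumptions for illustration.

```javascript
'use strict';
// Added example (not code from this MR or lodash): a defaults-deep merge
// that never follows the keys used to reach Object.prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Fill properties missing from `target` from `sources`, recursing into
// nested plain objects (the defaultsDeep contract), but only through own,
// non-forbidden keys. Name is hypothetical.
function safeDefaultsDeep(target, ...sources) {
  for (const source of sources) {
    if (!isPlainObject(source)) continue;
    for (const key of Object.keys(source)) {
      if (FORBIDDEN_KEYS.has(key)) continue; // never walk toward the prototype
      const srcVal = source[key];
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      if (isPlainObject(srcVal)) {
        if (!hasOwn || !isPlainObject(target[key])) target[key] = {};
        safeDefaultsDeep(target[key], srcVal);
      } else if (!hasOwn || target[key] === undefined) {
        target[key] = srcVal;
      }
    }
  }
  return target;
}

// A marker key visible on a brand-new object can only come from a polluted
// Object.prototype: a cheap post-merge sanity check.
function prototypeIsPolluted(marker) {
  return ({})[marker] !== undefined;
}

// Constructed payload of the shape quoted in the alert, parsed from JSON so
// that "__proto__" is an own key, as it would be in untrusted request data.
const PAYLOAD = JSON.parse('{"constructor":{"prototype":{"polluted":"yes"}},' +
  '"__proto__":{"polluted2":"yes"},"timeout":30}');

function demo() {
  const config = safeDefaultsDeep({ retries: 3 }, PAYLOAD);
  return { config, clean: !prototypeIsPolluted('polluted') &&
                           !prototypeIsPolluted('polluted2') };
}
```

Only the harmless `timeout` key reaches the merged config; the two prototype-climbing branches are dropped rather than applied to every object in the process.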