You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Noticed a bunch of security vulnerabilities within gulp-mjml. Most seem related to the version of lodash being used in the mjml package gulp-mjml uses. Possible to bump the versions of lodash referenced within the various mjml modules?
Example warning:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Lodash Package for Node.js .internal/baseZipObject.js │
│ │ baseZipObject() Function Property Manipulation Resource │
│ │ Exhaustion DoS │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gulp-mjml [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ gulp-mjml > mjml > mjml-section > mjml-core > │
│ │ mjml-parser-xml > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://vulndb.cyberriskanalytics.com/vulnerabilities/228535 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Edit
Looks like the security warnings are coming from the mjml lib itself. Will check with them.
Hi there,
Noticed a bunch of security vulnerabilities within gulp-mjml. Most seem related to the version of lodash being used in the mjml package gulp-mjml uses. Possible to bump the versions of lodash referenced within the various mjml modules?
Example warning:
Edit
Looks like the security warnings are coming from the mjml lib itself. Will check with them.
Edit 2
More research shows this is being addressed by the lodash team. See the following issue and PRs:
https://github.com/lodash/lodash/issues/4775
lodash/lodash#4745
lodash/lodash#4759
The text was updated successfully, but these errors were encountered: