You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We recently got a dependabot alert about a vulnerability in lodash.trim. It hasn't been released in 7 years so I don't know if we should expect to see a new release? A better alternative might be to drop lodash.trim. I'll take a peak and see how reasonable that would be.
Edit: it seems like likely replacing trim ends up doing regular expression stuff in this repo, possibly exposing a similar regex dos type vulnerability. So maybe wait and see and upgrade.
The text was updated successfully, but these errors were encountered:
We recently got a dependabot alert about a vulnerability in lodash.trim. It hasn't been released in 7 years so I don't know if we should expect to see a new release? A better alternative might be to drop lodash.trim. I'll take a peak and see how reasonable that would be.
Edit: it seems like likely replacing trim ends up doing regular expression stuff in this repo, possibly exposing a similar regex dos type vulnerability. So maybe wait and see and upgrade.
The text was updated successfully, but these errors were encountered: