GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 11:25:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

chore: Clear lodash _.template injection advisory from audit ignore list (#12180)

Browse Source 
Pin lodash and lodash-es to ^4.18.1 via resolutions so transitive deps
pick up the patched versions, then drop the advisory ID.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Tom Moor
2026-04-27 10:13:15 -04:00
committed by GitHub
parent e515fa5b44
commit 88d871e463
3 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.yarnrc.yml
-1
View File
@@ -12,4 +12,3 @@ npmPreapprovedPackages:
npmAuditIgnoreAdvisories:
- "1113517" # GHSA-mw96-cpmx-2vgc rollup <2.80.0 path traversal (workbox-build, build-time)
- "1113686" # GHSA-5c6j-r48x-rmvq serialize-javascript RCE (@rollup/plugin-terser, build-time)
- "1115805" # GHSA-r5fr-rjxr-66jc lodash-es _.template injection (mermaid; not exposed to user-controlled template keys)