chore: Clear lodash _.template injection advisory from audit ignore list (#12180)

Pin lodash and lodash-es to ^4.18.1 via resolutions so transitive deps
pick up the patched versions, then drop the advisory ID.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Tom Moor
2026-04-27 10:13:15 -04:00
committed by GitHub
parent e515fa5b44
commit 88d871e463
3 changed files with 14 additions and 14 deletions
-1
@@ -12,4 +12,3 @@ npmPreapprovedPackages:
npmAuditIgnoreAdvisories:
- "1113517" # GHSA-mw96-cpmx-2vgc rollup <2.80.0 path traversal (workbox-build, build-time)
- "1113686" # GHSA-5c6j-r48x-rmvq serialize-javascript RCE (@rollup/plugin-terser, build-time)
- "1115805" # GHSA-r5fr-rjxr-66jc lodash-es _.template injection (mermaid; not exposed to user-controlled template keys)
+9 -1
@@ -408,7 +408,15 @@
"picomatch@npm:^2.2.3": "^2.3.2",
"picomatch@npm:^2.3.1": "^2.3.2",
"picomatch@npm:^4.0.2": "^4.0.4",
"picomatch@npm:^4.0.3": "^4.0.4"
"picomatch@npm:^4.0.3": "^4.0.4",
"lodash@npm:4.17.21": "^4.18.1",
"lodash@npm:^4.17.11": "^4.18.1",
"lodash@npm:^4.17.20": "^4.18.1",
"lodash@npm:^4.17.21": "^4.18.1",
"lodash@npm:^4.17.23": "^4.18.1",
"lodash-es@npm:4.17.23": "^4.18.1",
"lodash-es@npm:^4.17.21": "^4.18.1",
"lodash-es@npm:^4.17.23": "^4.18.1"
},
"version": "1.7.0",
"packageManager": "yarn@4.11.0"
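Review bot: The eight descriptor-keyed `resolutions` entries added for lodash and lodash-es only cover the ranges present in the lockfile today, so a later transitive dependency that requests a descriptor not listed here (an exact pin on an older 4.17.x release, for instance) would not be redirected to the patched version. Since every listed range is within 4.x and maps to the same target, two name-keyed entries, `"lodash": "^4.18.1"` and `"lodash-es": "^4.18.1"`, would cover current and future descriptors alike. The `lodash@npm:4.17.21` and `lodash-es@npm:4.17.23` keys override exact pins chosen by some dependency, so it is worth confirming that those consumers work against 4.18.x; which packages they are is not visible in this hunk. With the advisory removed from the ignore list, the audit step should flag any regression, provided it runs in CI.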
+5 -12
@@ -15300,10 +15300,10 @@ __metadata:
languageName: node
linkType: hard
"lodash-es@npm:4.17.23, lodash-es@npm:^4.17.21, lodash-es@npm:^4.17.23":
version: 4.17.23
resolution: "lodash-es@npm:4.17.23"
checksum: 10c0/3150fb6660c14c7a6b5f23bd11597d884b140c0e862a17fdb415aaa5ef7741523182904a6b7929f04e5f60a11edb5a79499eb448734381c99ffb3c4734beeddd
"lodash-es@npm:^4.18.1":
version: 4.18.1
resolution: "lodash-es@npm:4.18.1"
checksum: 10c0/35d4dcf87ef07f8d090f409447575800108057e360b445f590d0d25d09e3d1e33a163d2fc100d4d072b0f901d5e2fc533cd7c4bfd8eeb38a06abec693823c8b8
languageName: node
linkType: hard
@@ -15440,14 +15440,7 @@ __metadata:
languageName: node
linkType: hard
"lodash@npm:4.17.21":
version: 4.17.21
resolution: "lodash@npm:4.17.21"
checksum: 10c0/d8cbea072bb08655bb4c989da418994b073a608dffa608b09ac04b43a791b12aeae7cd7ad919aa4c925f33b48490b5cfe6c1f71d827956071dae2e7bb3a6b74c
languageName: node
linkType: hard
"lodash@npm:^4.17.11, lodash@npm:^4.17.20, lodash@npm:^4.17.21, lodash@npm:^4.17.23":
"lodash@npm:^4.18.1":
version: 4.18.1
resolution: "lodash@npm:4.18.1"
checksum: 10c0/757228fc68805c59789e82185135cf85f05d0b2d3d54631d680ca79ec21944ec8314d4533639a14b8bcfbd97a517e78960933041a5af17ecb693ec6eecb99a27