Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue from lodash via grunt-legacy-log-utils #1635

Closed
brettz9 opened this issue May 13, 2018 · 7 comments
Closed

Security issue from lodash via grunt-legacy-log-utils #1635

brettz9 opened this issue May 13, 2018 · 7 comments
Assignees
@shama @vladikoff

Comments

@brettz9
Copy link

brettz9 commented May 13, 2018

As a result of issues for dependencies grunt-legacy-util and grunt-legacy-log -> grunt-legacy-log-utils, npm's new npm audit flags grunt with these problems (and any repo depending on grunt).

It would be great to have these two issues fixed (with upgrades to the lodash version in use).

Thanks!
@brettz9 brettz9 mentioned this issue May 13, 2018
Closed
3 tasks
@shama shama self-assigned this May 13, 2018
@jbruni
Copy link

jbruni commented May 15, 2018

Indeed... we'll need new releases for grunt, grunt-legacy-util, grunt-legacy-log and grunt-legacy-log-utils, in order to have npm audit to cease reporting about lodash when we install grunt.

Thanks in advance.

@vladikoff vladikoff self-assigned this May 15, 2018
@vladikoff
Copy link
Member

@brettz9 @jbruni we are gonna attempt to fix this up in the next few days

@vladikoff
Copy link
Member

Quick update, I'm blocked by npm issues in gruntjs/grunt-legacy-log-utils#5

Will have to wait until @shama comes back from camp.

@vladikoff vladikoff mentioned this issue May 20, 2018
Merged
@RinkAttendant6
Copy link

Great work on the fixes 🎉

I assume an npm tag and release are coming soon?

@brettz9
Copy link
Author

brettz9 commented May 27, 2018

Indeed--how about an npm release? Thanks a lot!

@vladikoff
Copy link
Member

Mostly waiting for this jshint/jshint#3283

@vladikoff
Copy link
Member

will give another 2-3 biz day for a new jshint version, if that doesn't arrive then we will tag a new release

@vladikoff vladikoff mentioned this issue May 27, 2018
Closed
@Krinkle Krinkle changed the title Security issues Security issue from lodash via grunt-legacy-log-utils# Jun 11, 2024
@Krinkle Krinkle changed the title Security issue from lodash via grunt-legacy-log-utils# Security issue from lodash via grunt-legacy-log-utils Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shama shama

@vladikoff vladikoff

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@brettz9 @jbruni @shama @vladikoff @RinkAttendant6