Security | Critical vulnerability in lodash@4.17.19

Our dependency-check has notified us that the version of `lodash@4.17.19` has a CRITICAL security vulnerability that should no longer be used and instead upgrade to a patched version of lodash.

From this report: https://github.com/advisories/GHSA-35jh-r3h4-6jhm

> lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

## npm ls lodash tree (oc-template-react-compiler):

```
├─┬ oc-template-react-compiler@5.2.2
...
│ ├── lodash@4.17.19
...
```

## Proposed Solution
Bump the version of lodash to the patched version `4.17.21`. 

Optionally, can we use a minor semver `^4.17.21` to keep this up to date without a release?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security | Critical vulnerability in [email protected] #650

npm ls lodash tree (oc-template-react-compiler):

Proposed Solution

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security | Critical vulnerability in [email protected] #650

Description

npm ls lodash tree (oc-template-react-compiler):

Proposed Solution

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions