Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing prototype Pollution in lodash.pick #5799

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

hdsenevi
Copy link

@hdsenevi hdsenevi commented Jan 29, 2024

Summary

  • Fixing prototype Pollution in lodash.pick
  • Removed usage of lodash.pick and replaced with lodash proper
  • Github advisory info here : GHSA-p6mc-m468-83gw

Also, lodash discourages per module packages (additional info here). So maybe we can get rid of all the per module packages and import only lodash

Changelog

[CATEGORY] [TYPE] - Message

Test Plan

@auto-assign auto-assign bot requested a review from rayan1810 January 29, 2024 05:41
Copy link

vercel bot commented Jan 29, 2024

@hdsenevi is attempting to deploy a commit to the Geekyants Team Team on Vercel.

A member of the Team first needs to authorize it.

@hdsenevi hdsenevi changed the title Removed usage of lodash.pick and replaced with lodash proper Fixing prototype Pollution in lodash.pick Jan 29, 2024
@ifero
Copy link

ifero commented Jun 19, 2024

Is there any ETA on merging this? This is causing several issues to our deployments

@heg2
Copy link

heg2 commented Aug 20, 2024

We would also highly appreciate if you could merge this PR @rayan1810.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants