Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(apps): Update lodash #4397

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

chore(apps): Update lodash #4397

wants to merge 7 commits into from
+22 −50

Conversation

JensAstrup
Copy link

Background

There is currently a vulnerability in lodash.template that is of high severity which this repository relies on. No update has been made on their end and the project was last updated 5 years ago.

Solution

In order to resolve the vulnerability I replaced lodash.template with the current version of lodash and replaced usages of import template from "lodash.template" with import { template } from "lodash" which should achieve the same functionality

Closes #3978

@vercel Vercel
Copy link

vercel bot commented Jul 23, 2024

@JensAstrup is attempting to deploy a commit to the shadcn-pro Team on Vercel.

A member of the Team first needs to authorize it.

@gdragotto gdragotto mentioned this pull request Sep 6, 2024
Open
2 tasks
@DominikScholz
Copy link

would be great if this could be merged in

@alexsilvar
Copy link

Any idea about what is missing to merge it?

@JensAstrup
Copy link
Author

I have no idea who I'm waiting on or what the next step is, unless I'm missing something from CONTRIBUTING.md, I'm fairly certain I've done everything. @shadcn Any assistance here? 🥺

@MoSheikh
Copy link

Would also appreciate it if maintainers could take a look. Thank you!

@jaxazam
Copy link

jaxazam commented Oct 3, 2024

Thanks for the work @JensAstrup.ave you heard back from them through any other channels? I'm guessing not...

@JensAstrup
Copy link
Author

No, haven't heard anything yet :/

@alexsilvar
Copy link

Please expedite this PR

shadcn
shadcn approved these changes Oct 23, 2024
View reviewed changes
Copy link
Collaborator

@shadcn shadcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you.

No update has been made on their end and the project was last updated 5 years ago.

I was surprised to read this but it's true.

@vercel Vercel
Copy link

vercel bot commented Oct 23, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
ui ❌ Failed (Inspect) Nov 11, 2024 7:30am

@JensAstrup
Copy link
Author

@shadcn Way more checks were run after that merge, I assume that has to do with the failing Vercel build? I'll take a look into the others 👀

@gdragotto
Copy link

The lock file seems out of date @JensAstrup

 ERR_PNPM_LOCKFILE_MISSING_DEPENDENCY  Broken lockfile: no entry for '[email protected]' in pnpm-lock.yaml

Can you try

pnpm install --no-frozen-lockfile?

@BowTiedFirefox
Copy link

is there an update or we can jump in to help?

@BowTiedLaplace
Copy link

Please fix this asap.

@shadcn shadcn self-assigned this Nov 20, 2024
@shadcn shadcn added the area: roadmap This looks great. We'll add it to the roadmap, review and merge. label Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shadcn shadcn shadcn approved these changes

Assignees

@shadcn shadcn

Labels
area: roadmap This looks great. We'll add it to the roadmap, review and merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[bug]: There is a vulnerability in [email protected] > [email protected]
9 participants
@JensAstrup @DominikScholz @alexsilvar @MoSheikh @jaxazam @gdragotto @BowTiedFirefox @BowTiedLaplace @shadcn