Dependency `lodash.set` has an unpatched CVE

The [lodash.set](https://www.npmjs.com/package/lodash.set) package has an open CVE: https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032. The maintainer of Lodash will not release a patched version, and he considers the per-method packages [soft-deprecated](https://github.com/lodash/lodash/issues/3793#issuecomment-389774153).

We should be able to use [set-value](https://www.npmjs.com/package/set-value) as a drop-in replacement.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Dependency `lodash.set` has an unpatched CVE #675

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Dependency lodash.set has an unpatched CVE #675

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Dependency `lodash.set` has an unpatched CVE #675