request #35871 Ignore lodash.pick CVE-2020-8203

Artifact

Infos

Artifact ID#35871

Submitted byThomas Gerbet (tgerbet)

Last Modified On2024-01-25 15:40

Submitted on2024-01-25 09:28

Rank37457

Details

Summary *

Ignore lodash.pick CVE-2020-8203

Original Submission

It is a prototype pollution issue which is not really a problem for our context (used in gettext extraction pipeline of the Angular tooling).
We cannot upgrade it because the whole tooling is outdated.

CategoryDev tools

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2024-01-25

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #35497	Tuleap	Releases	15.5	Delivered	2024-05-02 12:01	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #35871

Git commit

tuleap/tuleap/stable

chore: request #35871 Ignore lodash.pick CVE-2020-8203 13627cdc33

Thomas Gerbet (tgerbet) , 2024-01-25 09:29

Merge commit 'refs/changes/02/30302/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD dd8812c1d8

Yannis ROSSETTO (rossettoy) , 2024-01-25 15:39

Show items referenced by request #35871

Referenced by request #35871

Artifact Tracker v5

rel #35497 15.5

Other

gerrit #30302

Follow-ups

Yannis ROSSETTO (rossettoy)

2024-01-25 15:40

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #35497
Close date set to 2024-01-25

Thomas Gerbet (tgerbet)

2024-01-25 09:30

See gerrit #30302.

Status changed from Under implementation to Under review

Public