I logged a bug with Google workbook to no avail:GoogleChrome/workbox#3322 Here is a discussion that explains why lodash cannot fix this:lodash/lodash#5851 What could be done to fix this in gatsby? Reproduction
There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management (EWM). Vulnerability Details CVEID: CVE-2020-9281 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by impr...
CVE-2021-23337 Command Injection in lodash Library Affected: workbox-build Browser & Platform: "all browsers" Issue or Feature Request Description: workbox-build appears to be using lodash.template that has a vulnerability reported. Please kindly release a version to fix this. Thank you. CVE:GHSA...
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. (GHSA-35jh-r3h4-6jhm) Contributor nschonni commented Oct 26, 2021 We don't pin to a version with a lockfile, so you can use npm audit fix to address your local resolution issue nschonni close...