[wp-trac] [WordPress Trac] #48203: Update/Audit npm Dependencies
WordPress Trac
noreply at wordpress.org
Sat Oct 5 13:48:04 UTC 2019
#48203: Update/Audit npm Dependencies
-------------------------------------+---------------------
Reporter: whyisjake | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.3
Component: Build/Test Tools | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses:
-------------------------------------+---------------------
Comment (by jorbin):
In [changeset:"46403" 46403]:
{{{
#!CommitTicketReference repository="" revision="46403"
Build/Test Tools: Fork and Update `grunt-replace`

The version of grunt replace that is bundled in core is using an outdated
version of lodash that is bringing 2 low, 3 high, and 1 critical issue.
This package is currently abandoned. There is a community forked version,
but that is also harboring some similar security issues.

This switches to a fork by @whyisjake and causes no change to the build.

See #48203.
Fixes #48217.
Props whyisjake, netweb for testing.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48203#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform