`lodash` has a prototype pollution vulnerability, there is a nearly-trivial PR open which will fix it, and the maintainer is just... ignoring it?https://github.com/lodash/lodash/pull/4745#issuecomment-622477124 …
Show this thread
In fact, there's a second PR open which will also fix the issue, and which is also being ignored! https://github.com/lodash/lodash/pull/4759 … Both PRs are around two months old at this stage
-
-
I respect the right of a programmer to not be compelled to do free work for other people, which is why one of the possible resolutions we've discussed at work is to just find the guy and bribe him to push the button
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
It's OK, it's not like `lodash` is widely used.... Oh.pic.twitter.com/HTGVMXJvl0
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.