fix: remove unused package lodash.template #1619

Merged (3 commits), Jan 9, 2025

@kaeff kaeff commented Jan 8, 2025

Description

Removes the dependency lodash.template. The latest package version 4.5.0 is affected by CVE-2021-23337 and there is no update. As I could not find any references to the _.template() function in the code, removing it should be an effective mitigation of the vulnerability.

Related issue(s)
Fixes #1561 #727
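
One way to turn the "no references" check from the description above into a repeatable test, as an added example that is not part of this pull request or of the asyncapi/cli code base: it reports lines that load `lodash.template`, `_.template(` calls made through the full lodash build, and copies of the package still pinned in an npm lockfile. The function names are hypothetical, and the file names, the `dep-a` package and all sample contents are constructed.

```javascript
// Added example, not code from asyncapi/cli. Function names are hypothetical.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // "." in the name must match literally
}

// Lines that load `pkg` (require, import, dynamic import) or match one of
// `callPatterns`, e.g. _.template( reached through the full lodash build.
function findSourceReferences(files, pkg, callPatterns = []) {
  const q = '[\'"`]';
  const spec = `${q}${escapeRe(pkg)}(?:/[^'"\`]*)?${q}`; // also matches subpaths
  const patterns = [
    new RegExp(`\\brequire\\s*\\(\\s*${spec}`),
    new RegExp(`\\bimport\\s*\\(\\s*${spec}`),
    new RegExp(`\\bfrom\\s+${spec}`),
    new RegExp(`^\\s*import\\s+${spec}`),
    ...callPatterns, // pass these without the "g" flag (test() is stateful with it)
  ];
  const hits = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      if (patterns.some((re) => re.test(line))) hits.push({ path, line: i + 1, text: line.trim() });
    });
  }
  return hits;
}

// Manifest sections that still declare `pkg`.
function declaredIn(manifest, pkg) {
  return ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']
    .filter((section) => manifest[section] && pkg in manifest[section]);
}

// Lockfile (npm v2/v3 "packages" map) entries that still install `pkg`, nested copies included.
function lockedCopies(lock, pkg) {
  return Object.keys(lock.packages || {})
    .filter((key) => key === `node_modules/${pkg}` || key.endsWith(`/node_modules/${pkg}`));
}

function auditRemoval({ manifest, lock, files }, pkg, callPatterns = []) {
  const sourceHits = findSourceReferences(files, pkg, callPatterns);
  return { declaredIn: declaredIn(manifest, pkg), sourceHits, lockedCopies: lockedCopies(lock, pkg), unreferenced: sourceHits.length === 0 };
}

// Constructed sample project (not the real asyncapi/cli tree).
const sample = {
  manifest: { dependencies: { 'lodash.template': '^4.5.0' } },
  lock: { packages: { 'node_modules/lodash.template': {}, 'node_modules/dep-a/node_modules/lodash.template': {} } },
  files: { 'src/render.js': "const tpl = require('lodash.template');\nmodule.exports = (s) => tpl(s);" },
};
console.log(auditRemoval(sample, 'lodash.template', [/\b_\.template\s*\(/]));
```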

changeset-bot bot commented Jan 8, 2025

🦋 Changeset detected

Latest commit: 84ba893

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@asyncapi/cli Minor

@github-actions github-actions bot left a comment

Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

@kaeff kaeff changed the title Remove unused package lodash.template fix: Remove unused package lodash.template Jan 8, 2025
@kaeff kaeff force-pushed the remove-lodash-template branch from aecc009 to e3e18b8 Compare January 8, 2025 23:05
@kaeff kaeff changed the title fix: Remove unused package lodash.template fix: remove unused package lodash.template Jan 8, 2025
sonarqubecloud bot commented Jan 9, 2025

@Shurtu-gal Shurtu-gal left a comment

LGTM

@Shurtu-gal
/rtm

@asyncapi-bot asyncapi-bot merged commit dcfb8c7 into asyncapi:master Jan 9, 2025
23 checks passed
Successfully merging this pull request may close these issues.

[BUG] Lots of vulnerabilities, including 15 critical