Skip to main content

Klavyio JS libraries include package lodash 4.17.20 which have Vulnerabilities

https://snyk.io/vuln/npm:lodash?lh=4.17.20&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit

 

 

When this will be fixed?

Anyone live?


Anyone live???


Hello @David B. , thank you for inquiring about this. We have updated the lodash version we are using about a week ago, are you still seeing the vulnerable version being used?


Yes, our few sites is still seeing that issue.

 


So  why we still see that if you update the lodash version?(info, the cache is cleared)


 

Also why the production script is showing debuging data in console


it looks like we have a couple places we are still in the process of updating the version. 


Reply