Skip to main content
Solved

Will the Shopify lodash package be fixed?


Forum|alt.badge.img+2

Klavyio JS libraries include package lodash 4.17.20 which have Vulnerabilities

https://snyk.io/vuln/npm:lodash?lh=4.17.20&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit

 

 

When this will be fixed?

Best answer by jallain

Hello @David B. , thank you for inquiring about this. We have updated the lodash version we are using about a week ago, are you still seeing the vulnerable version being used?

View original
Did this topic or the replies in the thread help you find an answer to your question?

7 replies

Forum|alt.badge.img+2
  • Author
  • Active Contributor I
  • 10 replies
  • April 27, 2021

Anyone live?


Forum|alt.badge.img+2
  • Author
  • Active Contributor I
  • 10 replies
  • April 29, 2021

Anyone live???


jallain
Klaviyo Employee
Forum|alt.badge.img+11
  • Klaviyo Employee
  • 70 replies
  • Answer
  • May 4, 2021

Hello @David B. , thank you for inquiring about this. We have updated the lodash version we are using about a week ago, are you still seeing the vulnerable version being used?


Forum|alt.badge.img+2
  • Author
  • Active Contributor I
  • 10 replies
  • May 5, 2021

Yes, our few sites is still seeing that issue.

 


Forum|alt.badge.img+2
  • Author
  • Active Contributor I
  • 10 replies
  • May 5, 2021

So  why we still see that if you update the lodash version?(info, the cache is cleared)


Forum|alt.badge.img+2
  • Author
  • Active Contributor I
  • 10 replies
  • May 5, 2021

 

Also why the production script is showing debuging data in console


jallain
Klaviyo Employee
Forum|alt.badge.img+11
  • Klaviyo Employee
  • 70 replies
  • May 6, 2021

it looks like we have a couple places we are still in the process of updating the version.