Solved

Will the Shopify lodash package be fixed?

  • 26 April 2021
  • 7 replies
  • 257 views

Userlevel 1
Badge +2

Klavyio JS libraries include package lodash 4.17.20 which have Vulnerabilities

https://snyk.io/vuln/npm:lodash?lh=4.17.20&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit

 

 

When this will be fixed?

icon

Best answer by jallain 4 May 2021, 18:03

View original

7 replies

Userlevel 1
Badge +2

Anyone live?

Userlevel 1
Badge +2

Anyone live???

Userlevel 4
Badge +11

Hello @David B. , thank you for inquiring about this. We have updated the lodash version we are using about a week ago, are you still seeing the vulnerable version being used?

Userlevel 1
Badge +2

Yes, our few sites is still seeing that issue.

 

Userlevel 1
Badge +2

So  why we still see that if you update the lodash version?(info, the cache is cleared)

Userlevel 1
Badge +2

 

Also why the production script is showing debuging data in console

Userlevel 4
Badge +11

it looks like we have a couple places we are still in the process of updating the version. 

Reply