Hello,
I’m using @ant-design/pro-cli@3.2.1 (latest at the time of writing), and noticed it’s still pulling underscore@1.7.0, which is affected by a critical RCE vulnerability (CVE-2021-23358).
Here’s the relevant dependency path:
└─┬ @ant-design/pro-cli@3.2.1
  ├─┬ blink-diff@1.0.13
  │ └─┬ preceptor-core@0.10.1
  │   └── underscore@1.7.0 deduped
  └─┬ pngjs-image@0.11.7
    └── underscore@1.7.0
Would you be open to updating or replacing these dependencies to eliminate the risk from the outdated underscore?
Thanks!
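One way to check a project for the dependency paths reported above, as an added example that is not part of the original post or the project's code. It walks a tree shaped like `npm ls --all --json` output and lists every path to an underscore release in the affected range. The range `>=1.3.2 <1.12.1` is an assumption taken from the public advisory for CVE-2021-23358 rather than from this page (the advisory's separate 1.13.0 prerelease range is not covered), and the function names and sample tree are constructed for illustration.

```javascript
// Constructed sample mirroring the dependency tree in the report above.
const sampleTree = {
  name: "@ant-design/pro-cli", version: "3.2.1",
  dependencies: {
    "blink-diff": { version: "1.0.13", dependencies: {
      "preceptor-core": { version: "0.10.1", dependencies: {
        underscore: { version: "1.7.0" } } } } },
    "pngjs-image": { version: "0.11.7", dependencies: {
      underscore: { version: "1.7.0" } } },
  },
};

// Parse "major.minor.patch" (any prerelease suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Compare two [major, minor, patch] tuples: negative, zero or positive.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Assumed affected range (from the public advisory, not this page):
// >=1.3.2 and <1.12.1.
function isVulnerableUnderscore(version) {
  const v = parseVersion(version);
  if (!v) return false; // missing or unparseable version: nothing to report
  return compareVersions(v, [1, 3, 2]) >= 0 && compareVersions(v, [1, 12, 1]) < 0;
}

// Depth-first walk returning each path that ends at an affected underscore.
function findVulnerablePaths(node, name, trail = []) {
  const here = trail.concat(`${name}@${node.version || "?"}`);
  const hits = [];
  if (name === "underscore" && isVulnerableUnderscore(node.version)) {
    hits.push(here.join(" > "));
  }
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    hits.push(...findVulnerablePaths(child, dep, here));
  }
  return hits;
}

console.log(findVulnerablePaths(sampleTree, sampleTree.name).join("\n"));
```

For a real project, replace `sampleTree` with `JSON.parse` of the output of `npm ls --all --json` run in the project directory.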