- This topic has 5 replies, 4 voices, and was last updated 3 months, 1 week ago by
.
- Posts
WHen scaning my site with https://awesometechstack.com/ I find that Restaurant Menu usages a old version of Lodash 1.13.1 and the latest version is 4.17.21
Could you please update Lodash to latest version or check in this article https://thejs.dev/jmitchell/its-time-to-let-go-of-lodash-nqc if it even should be removed 2022? Also check out current CVE on old versions of Lodash https://www.cvedetails.com/vulnerability-list/vendor_id-20100/product_id-57083/Lodash-Lodash.htmlThank you
Hi Jarko!
I’m going to pass along your request to our development team so that they can consider this moving forward. In the meantime, I’ll be sure to reach out to you if anything changes about this or we start to work on it.
Thanks for writing in and I’m sorry that I didn’t have better immediate news for you.
Any update on this issue? Please update the plugin. Thank you
Hi Jarko,
Unfortunately, this request has not be released yet. We will update the topic once we get any news on this. Thank you for understanding.
best regards,
J. DavisAny update on this issue? Thank you
Hello Jarko,
I have consulted with our developers and they informed me that Lodash is not used in the restaurant Menu plugin at all, the underscore.js is used instead. Here is an example: https://github.com/motopress/mp-restaurant-menu/blob/63abe56701129efcb4d363e80be12974df36b83f/classes/class-media.php#L1415.
I would recommend that you check other plugins, which might use Lodash. If you still believe this is the Restaurant Menu plugin, which uses Lodash, kindly provide your files scan results or some evidence of Lodash being used by Restaurant Menu.Regards,
Andre
- You must be logged in to reply to this topic.