Upgrade lodash

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #1267343
    Jarko Piironen

    WHen scaning my site with https://awesometechstack.com/ I find that Restaurant Menu usages a old version of Lodash 1.13.1 and the latest version is 4.17.21
    Could you please update Lodash to latest version or check in this article https://thejs.dev/jmitchell/its-time-to-let-go-of-lodash-nqc if it even should be removed 2022? Also check out current CVE on old versions of Lodash https://www.cvedetails.com/vulnerability-list/vendor_id-20100/product_id-57083/Lodash-Lodash.html

    Thank you

    Valeriia Bavykina

    Hi Jarko!

    I’m going to pass along your request to our development team so that they can consider this moving forward. In the meantime, I’ll be sure to reach out to you if anything changes about this or we start to work on it.

    Thanks for writing in and I’m sorry that I didn’t have better immediate news for you.

    Jarko Piironen

    Any update on this issue? Please update the plugin. Thank you

    J. Davis

    Hi Jarko,

    Unfortunately, this request has not be released yet. We will update the topic once we get any news on this. Thank you for understanding.

    best regards,
    J. Davis

    Jarko Piironen

    Any update on this issue? Thank you

    Andre Flores

    Hello Jarko,

    I have consulted with our developers and they informed me that Lodash is not used in the restaurant Menu plugin at all, the underscore.js is used instead. Here is an example: https://github.com/motopress/mp-restaurant-menu/blob/63abe56701129efcb4d363e80be12974df36b83f/classes/class-media.php#L1415.
    I would recommend that you check other plugins, which might use Lodash. If you still believe this is the Restaurant Menu plugin, which uses Lodash, kindly provide your files scan results or some evidence of Lodash being used by Restaurant Menu.


Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.