Update underscore lib to 1.13.*
Question
Current version has a security issue
Might be updated to the newest version
Answers (4)
Yeah +1, needs to be updated to the latest underscore version
Hi guys, I'm closing this as a duplicate of #3443
Also need that fix after pen test!
Thanks for reporting this, @zgeist.
Security and dependency issues are important. The GrapesJS team actively works on keeping dependencies up-to-date.
For you right now:
- Run `npm audit fix` to see available patches
- Check for a newer GrapesJS version that may have already addressed this
- If available, test the latest stable release before upgrading
- If the vulnerability is critical, `npm audit fix --force` is an option, but test thoroughly
Understanding the risk:
- Review the specific vulnerability details on GitHub Security Advisories
- Not all high-severity issues affect your code path
- Some vulnerabilities only trigger under specific conditions
Staying current:
- Watch for new GrapesJS releases
- Subscribe to security notifications on the repo
- The team prioritizes security updates in their release cycle
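
To see which installed copies of underscore are still below the 1.13 line named in the title, and which package nests each copy, the lockfile can be inspected directly. This is an added example, not code from the thread or from GrapesJS; it assumes npm's lockfile v2/v3 `packages` layout, and the lockfile contents, the `other-lib` package and all version numbers are constructed.

```javascript
// Added example: find every underscore copy recorded in an npm lockfile.
// SAMPLE_LOCK is constructed for illustration (lockfile v2/v3 "packages" layout);
// "other-lib" and all version numbers are made up, not taken from GrapesJS.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-editor-app" },
    "node_modules/grapesjs": { version: "0.0.0-sample" },
    "node_modules/underscore": { version: "1.9.1" },
    "node_modules/other-lib": { version: "2.0.0" },
    "node_modules/other-lib/node_modules/underscore": { version: "1.13.6" },
    "node_modules/underscore.string": { version: "3.3.6" },
  },
};

// Numeric major.minor.patch; any pre-release suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions are not below the minimum
}

// Returns one record per installed copy, with the package that nests it.
function findCopies(lock, name, minimum) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      nestedUnder: path.slice(0, -suffix.length).replace(/\/$/, "") || "(top level)",
      outdated: isBelow(meta.version, minimum),
    }));
}

for (const c of findCopies(SAMPLE_LOCK, "underscore", "1.13.0")) {
  console.log(`${c.outdated ? "UPDATE" : "ok    "} ${c.version} ${c.path}`);
}
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `SAMPLE_LOCK`.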