Backbone-undo/underscore security advisory
Version: v0.17.3 Are you able to reproduce the bug from the demo?[x] Yes[ ] No What is the expected behavior? See below What is the current behavior? There is a known security vulnerability in one of the versions of underscore used by a nested dependency. The current version of grapejs utilises backbone-undo ^0.2.5 ht...
emyasnikov
I'm also wondering if backbone-undo is needed or can be replaced by something similar. The package hasn't been updated for 6 years
artf
The package hasn't been updated for 6 years Well, except updating its dependencies (like in this case, for security reason) it's a feature-complete library, there is no need to add/update anything else. Anyway, this PR seems to fix the sec...
chilled-capybara
Thanks for your replyAnyway, this PR seems to fix the security vulnerability at the .lock level but I'm not sure if are kept on a fresh install. I think that might fix the version in the main grapejs repo, but I'm not sure it restricts the...