Closed Bug 1565399 Opened 2 years ago Closed 2 years ago

update browsertime snapshot to address lodash vulnerability

Categories

(Firefox Build System :: General, task, P1)

task

Tracking

(firefox-esr60 unaffected, firefox-esr68 unaffected, firefox68 wontfix, firefox69 wontfix, firefox70 fixed)

RESOLVED FIXED
mozilla70
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox68 --- wontfix
firefox69 --- wontfix
firefox70 --- fixed

People

(Reporter: denispal, Assigned: denispal)

References

Details

(Keywords: sec-other, Whiteboard: [post-critsmash-triage])

Attachments

(1 file)

The current browsertime snapshot depends on lodash 4.6.1 and lodash 4.7.11 which have security vulnerabilities. Update the snapshot to 4989d0c22bba3a165078b8d784e8d303a727a119 which will use 4.6.2 and 4.7.14 which has the problems addressed.

Update the browsertime snapshot to 4989d0c22bba3a165078b8d784e8d303a727a119 which uses lodash 4.7.14 and lodash.merge 4.6.2.

Group: firefox-core-security
Priority: -- → P1
Group: firefox-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
Duplicate of this bug: 1566042
Keywords: sec-other
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.