!disturbed there’s a currently a VULN with underscore 1.12.0 which is used by `@atlassian/aui-8@npm:@atlassian/aui@8.7.1` which relies on `backbone...

Description

Fix vuln for 8.7.1

Environment

None

QA Kickoff Check-In

Usage described in documentation
Demonstration of all states
Interactive state (screen readers)
Visual regression tests
Unit tests
Navigation (only keyboard / only mouse)
Component render legibly

QA Demo Check-Out

P2 plugin
Browsers (Edge/IE11/Firefox/Chrome/Safari)
Resizing
Zoom in/out
Navigation (Keyboard/Mouse)
Focus
Element status (At Rest/Pressed/Selected/Read Only/Disabled)
Cursors
Tooltips
Audio

Activity

Show:
Chris "Daz" Darroch
April 19, 2021, 5:03 AM

Underscore has been bumped to 1.13.1 in AUI 8.8.0. The only difference between the latest AUI 8.7.x and 8.8.0 is the underscore bump.

Chris "Daz" Darroch
April 14, 2021, 2:03 AM

, , , I will get this story done as part of this week.

Halp
April 9, 2021, 4:51 AM

[On behalf of @sukeer] I have a https://staging.bb-inf.net/bitbucket/bitbucket/pull-requests/24832/vuln-334302-upgrade-underscore-from-1120 that addresses this vuln for our team.

Halp
April 9, 2021, 4:21 AM

[On behalf of @Jira] AUI-5332: Update vulnerable dependencies in AUI

Halp
April 9, 2021, 4:21 AM

[On behalf of @daz] hi, I'm in the process of upmerging dependency bumps across the entire AUI 8.x series. Follow AUI-5332 for updates, but I'll resolve this ticket as part of that work :thumbsup:

Fixed

Assignee

Chris "Daz" Darroch

Reporter

Halp