Discourse embeds a custom copy of 1.3.0 version of lo-dash.
Google’s lighthouse analysis reports 4 security vulnerabilities on my up-to-date Discourse instance, 3 of which are in lo-dash and one of which is marked as High severity.
The lighthouse report links to
Lighthouse is at
and the report for this site, at
says under Best Practices
Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. Learn more.
Library Version Vulnerability Count Highest Severity Lo-Dash@1.3.0 3 High