lodash
4.17.234.18.1
templateSettings.js~
templateSettings.jsModified+4
Index: package/templateSettings.js
===================================================================
--- package/templateSettings.js
+++ package/templateSettings.js
@@ -7,8 +7,12 @@
* By default, the template delimiters used by lodash are like those in
* embedded Ruby (ERB) as well as ES2015 template strings. Change the
* following template settings to use alternative delimiters.
*
+ * **Security:** See
+ * [threat model](https://github.com/lodash/lodash/blob/main/threat-model.md)
+ * — `_.template` is insecure and will be removed in v5.
+ *
* @static
* @memberOf _
* @type {Object}
*/