From 4e7673a0b8f8ac63af40798764468f07a79f2980 Mon Sep 17 00:00:00 2001 From: Tom MacWright Date: Mon, 14 May 2018 11:22:21 -0700 Subject: [PATCH] chore(package): Update lodash, to keep david-dm from crying wolf about security (#1071) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I’m strongly considering removing David DM, because it yields so many false positives - reports that only apply in the narrowest circumstances that don’t ever occur in my projects. --- package.json | 2 +- yarn.lock | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index c812f64ae..e6f5da8bb 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "globals-docs": "^2.4.0", "highlight.js": "^9.12.0", "js-yaml": "^3.10.0", - "lodash": "^4.17.4", + "lodash": "^4.17.10", "mdast-util-inject": "^1.1.0", "micromatch": "^3.1.5", "mime": "^2.2.0", diff --git a/yarn.lock b/yarn.lock index 64f521778..5deda90a4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4159,6 +4159,10 @@ lodash@^4.0.0, lodash@^4.13.1, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.17.4, l version "4.17.4" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae" +lodash@^4.17.10: + version "4.17.10" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.10.tgz#1b7793cf7259ea38fb3661d4d38b3260af8ae4e7" + lodash@^4.17.5: version "4.17.5" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.5.tgz#99a92d65c0272debe8c96b6057bc8fbfa3bed511"