From ecf367fa658f60b7882245b691f638d19bb30f72 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen
Date: Wed, 3 Jul 2019 08:18:16 +0200
Subject: [PATCH] JS: bump vulnerable lodash version for prototype pollution

See https://github.com/lodash/lodash/pull/4336
---
 .../semmle/javascript/security/dataflow/PrototypePollution.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll b/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
index 7da991d5f5c8..9956a09e70aa 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
@@ -162,7 +162,7 @@ module PrototypePollution {
 version.maybeBefore("4.0.1")
 or
 id = "lodash" + any(string s) and
- version.maybeBefore("4.17.11")
+ version.maybeBefore("4.17.12")
 or
 id = "merge" and
 version.maybeBefore("1.2.1")
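Review bot: The raised bound `version.maybeBefore("4.17.12")` applies to every dependency whose name starts with `lodash`, because the context line just above it matches `id = "lodash" + any(string s)`. Per-method packages such as `lodash.merge` are, as far as I know, versioned separately from the main `lodash` package, so this single threshold may report already-patched releases of those packages; it is worth checking whether they need their own `id`/`maybeBefore` pairs. The constant also has no rationale in the code: a comment such as `// releases before 4.17.12 are treated as vulnerable, see https://github.com/lodash/lodash/pull/4336` would keep the commit message's reference next to the value. The diffstat shows only this file changed, so no test expectation pins the new boundary. The enclosing predicate starts and ends outside the hunk.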