This repository has been archived by the owner on May 27, 2021. It is now read-only.

Merge #944
944: Update dependency lodash to v4.17.13 [SECURITY] r=rehandalal a=renovate[bot]

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [lodash](https://lodash.com/) ([source](https://togithub.com/lodash/lodash)) | dependencies | patch | [`4.17.11` -> `4.17.13`](https://renovatebot.com/diffs/npm/lodash/4.17.11/4.17.13) |

### GitHub Vulnerability Alerts

#### [CVE-2019-10744](https://togithub.com/lodash/lodash/pull/4336)

Affected versions of lodash are vulnerable to Prototype Pollution. 
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.


Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Rehan Dalal <rehandalal@gmail.com>
3 people committed Jul 23, 2019
2 parents 4ef2cd2 + 484c354 commit cd1e77b
Showing 2 changed files with 941 additions and 986 deletions.
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -43,7 +43,7 @@
"immutable": "3.8.2",
"less": "3.9.0",
"less-loader": "5.0.0",
"lodash": "4.17.11",
"lodash": "4.17.13",
"object-assign": "4.1.1",
"postcss-flexbugs-fixes": "4.1.0",
"postcss-loader": "3.0.0",
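Review bot: The exact pin "lodash": "4.17.13" in package.json only moves the direct dependency, so it does not show that every resolved copy of lodash in the tree has left 4.17.11. The build tooling pinned next to it (less-loader, postcss-loader) may resolve lodash copies of its own, and only the lockfile records those versions. Before approving, confirm in the second changed file that no lodash entry older than 4.17.13 remains. That file accounts for 940 of the 941 additions and 985 of the 986 deletions, which is a lot of churn for a one-package patch bump, so also check that it has not picked up unrelated version changes that would then ship under a [SECURITY] title without review.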
