Skip to content

Commit

Permalink
Update Lodash to 4.17.14 (#124)
Browse files Browse the repository at this point in the history 
Older Lodash versions have a [security vulnerability][1] in the
`defaultsDeep` function. We weren't using this function directly, but
this update also updates all of our sub-dependencies using Lodash (for
example, Jest depends on Lodash).

[1]: lodash/lodash#4336
  • Loading branch information
Evan Hahn authored Jul 11, 2019
1 parent 52eb624 commit da1c2b6
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
"test": "jest --env node"
},
"dependencies": {
"lodash": "4.17.11",
"lodash": "4.17.14",
"request": "2.88.0",
"xhr": "2.3.3"
},
Expand Down

0 comments on commit da1c2b6

Please sign in to comment.