From c9db2c33d07078526c295c20fbeef85e2fc1e488 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 16 Aug 2020 23:49:13 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-590103 --- package-lock.json | 10 ++++++---- package.json | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3308de4a8..d68d83464 100644 --- a/package-lock.json +++ b/package-lock.json @@ -929,9 +929,9 @@ "dev": true }, "lodash": { - "version": "4.17.10", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz", - "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg==" + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", + "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==" }, "log-driver": { "version": "1.2.5", @@ -1166,6 +1166,7 @@ "version": "0.1.4", "bundled": true, "dev": true, + "optional": true, "requires": { "kind-of": "^3.0.2", "longest": "^1.0.1", @@ -2348,7 +2349,8 @@ "longest": { "version": "1.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "loose-envify": { "version": "1.3.1", diff --git a/package.json b/package.json index 5647b11db..49b548247 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,7 @@ "debug": "^2.6.9", "ejs": "~2.5.5", "finalhandler": "^1.0.3", - "lodash": "^4.17.5", + "lodash": "^4.17.20", "httpntlm": "^1.5.2", "request": ">=2.9.0", "sax": ">=0.6",