fix(deps): lodash-es [security] #240

renovate · 2019-07-10T20:41:25Z

This PR contains the following updates:

Package	Type	Update	Change
lodash-es (source)	dependencies	patch	`4.17.11` -> `4.17.14`

GitHub Vulnerability Alerts

CVE-2019-10744

Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Release Notes

lodash/lodash

`v4.17.14`

Compare Source

Renovate configuration

📅 Schedule: "" in timezone America/Los_Angeles.

🚦 Automerge: Enabled.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

## [4.19.5](v4.19.4...v4.19.5) (2019-07-10) ### Bug Fixes * **deps:** lodash-es [security] ([c469f4d](c469f4d)) * **deps:** lodash-es [security] ([#240](#240)) ([213fdb4](213fdb4))

mike-north-bot · 2019-07-10T21:47:01Z

🎉 This PR is included in version 4.19.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

fix(deps): lodash-es [security]

c469f4d

mike-north merged commit 213fdb4 into master Jul 10, 2019

renovate bot deleted the renovate/npm-lodash-es-vulnerability branch July 10, 2019 21:26

mike-north-bot added the released label Jul 10, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): lodash-es [security] #240

fix(deps): lodash-es [security] #240

renovate bot commented Jul 10, 2019

mike-north-bot commented Jul 10, 2019

fix(deps): lodash-es [security] #240

fix(deps): lodash-es [security] #240

Conversation

renovate bot commented Jul 10, 2019

GitHub Vulnerability Alerts

CVE-2019-10744

Release Notes

v4.17.14

Renovate configuration

mike-north-bot commented Jul 10, 2019

`v4.17.14`