SECURITY: Upgrade lodash

There is a security hole in lodash with prototype pollution. It's not clear if Discourse is affected but to be on the safe side we will upgrade right away. Note that the front end Discourse does not appear to use `defaultsDeep` in our custom build and should be protected.
2019-07-11 10:42:46 -04:00 · 2019-07-11 10:42:46 -04:00 · 154ad2b402
commit 154ad2b402
parent 3d527546d7
1 changed files with 3 additions and 3 deletions
--- a/yarn.lock
+++ b/yarn.lock
@ -1467,9 +1467,9 @@ linkify-it@^2.0.0:
    uc.micro "^1.0.1"

 lodash@^4.17.11, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.3.0:
-  version "4.17.11"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
-  integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
+  version "4.17.14"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba"
+  integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw==

 lolex@^2.3.2:
  version "2.7.5"