From 9b0be303b492a4e164b8d084e62036a0a416604e Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Thu, 11 Jul 2019 10:42:46 -0400
Subject: [PATCH] SECURITY: Upgrade lodash

There is a security hole in lodash with prototype pollution. It's not clear if Discourse is affected but to be on the safe side we will upgrade right away. Note that the front end Discourse does not appear to use `defaultsDeep` in our custom build and should be protected.
---
 yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index b286179a83..65b2839bcc 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1465,9 +1465,9 @@ linkify-it@^2.0.0:
 uc.micro "^1.0.1"
 
 lodash@^4.17.11, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.3.0:
- version "4.17.11"
- resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
- integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
+ version "4.17.14"
+ resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba"
+ integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw==
 
 lolex@^2.3.2:
 version "2.7.5"