diff options
-rw-r--r-- | changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml | 5 | ||||
-rw-r--r-- | yarn.lock | 12 |
2 files changed, 11 insertions, 6 deletions
diff --git a/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml b/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml new file mode 100644 index 00000000000..cd8885233de --- /dev/null +++ b/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml @@ -0,0 +1,5 @@ +--- +title: Update lodash to 4.7.14 and lodash.mergewith to 4.6.2 +merge_request: 30602 +author: Takuya Noguchi +type: security diff --git a/yarn.lock b/yarn.lock index dc5e0662396..949a9b087bf 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6992,9 +6992,9 @@ lodash.kebabcase@4.1.1: integrity sha1-hImxyw0p/4gZXM7KRI/21swpXDY= lodash.mergewith@^4.6.0: - version "4.6.0" - resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz#150cf0a16791f5903b8891eab154609274bdea55" - integrity sha1-FQzwoWeR9ZA7iJHqsVRgknS96lU= + version "4.6.2" + resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz#617121f89ac55f59047c7aec1ccd6654c6590f55" + integrity sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ== lodash.snakecase@4.1.1: version "4.1.1" @@ -7012,9 +7012,9 @@ lodash.upperfirst@4.3.1: integrity sha1-E2Xt9DFIBIHvDRxolXpe2Z1J984= lodash@^4.0.0, lodash@^4.13.1, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.5.0, lodash@~4.17.10: - version "4.17.11" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d" - integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg== + version "4.17.14" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba" + integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw== log-symbols@^2.0.0, log-symbols@^2.1.0, log-symbols@^2.2.0: version "2.2.0" |