From b6f39222daf94043ae21373f2ab6019ced41f2f4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 11 Feb 2019 23:39:25 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 --- package-lock.json | 10 ++++++---- package.json | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) mode change 100755 => 100644 package-lock.json mode change 100755 => 100644 package.json diff --git a/package-lock.json b/package-lock.json old mode 100755 new mode 100644 index 5e66860f..89822a2e --- a/package-lock.json +++ b/package-lock.json @@ -1457,9 +1457,9 @@ } }, "lodash": { - "version": "4.17.10", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz", - "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg==" + "version": "4.17.11", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", + "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" }, "lodash.get": { "version": "4.4.2", @@ -1855,6 +1855,7 @@ "version": "0.1.4", "bundled": true, "dev": true, + "optional": true, "requires": { "kind-of": "^3.0.2", "longest": "^1.0.1", @@ -3037,7 +3038,8 @@ "longest": { "version": "1.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "loose-envify": { "version": "1.3.1", diff --git a/package.json b/package.json old mode 100755 new mode 100644 index 23a6d583..52335759 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ "depd": "^1.1.2", "flat": "^1.2.1", "immutable": "^3.8.2", - "lodash": "^4.17.5", + "lodash": "^4.17.11", "negotiator": "github:ethanresnick/negotiator#full-parse-access", "pluralize": "0.0.11", "pug": "^2.0.3",