Skip to content

Commit

Permalink
Bump dependencies with vulnerabilities
Browse files Browse the repository at this point in the history 
Update the following packages, to fix Prototype Pollution
vulnerabilities:

 - lodash to 4.17.13 (https://www.npmjs.com/advisories/1065)
 - mixin-deep to 1.3.2 (https://www.npmjs.com/advisories/1013)
 - set-value to 2.0.1 (https://www.npmjs.com/advisories/1012)
 - union-value to 1.01 (patch to use set-value at version ^2.0.1)

Update the following package, to fix Arbitrary Code Execution
vulnerability:

 - eslint-utils to 1.4.3 (https://www.npmjs.com/advisories/1118)

Add eslint-visitor-keys as dependency of eslint-utlils (required to
bump eslint-utls to 1.4.3).
  • Loading branch information
@lcbm @netoax
lcbm authored and netoax committed Dec 23, 2019
1 parent 18d1287 commit df60483
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 26 deletions.
61 changes: 36 additions & 25 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
},
"dependencies": {
"@cesarbr/knot-cloud-websocket": "^1.1.3",
"lodash": "^4.17.11"
"lodash": "^4.17.13"
},
"pre-commit": [
"lint"
Expand Down

0 comments on commit df60483

Please sign in to comment.