Update dependency lodash to v4.17.13 [SECURITY] (!4876) · Merge requests · Administrator / sourcegraph

Administrator requested to merge renovate/npm-lodash-vulnerability into master Jul 13, 2019

Created by: renovate[bot]

This PR contains the following updates:

Package	Type	Update	New value	References	Sourcegraph
lodash (source)	dependencies	patch	^4.17.11	homepage, source

GitHub Vulnerability Alerts

CVE-2019-10744

Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Release Notes

lodash/lodash

`v4.17.13`

Compare Source

Renovate configuration

📅 Schedule: "" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

Update dependency lodash to v4.17.13 [SECURITY]

GitHub Vulnerability Alerts

CVE-2019-10744

Release Notes

v4.17.13

Renovate configuration

Merge request reports

`v4.17.13`