[SG-36530] NPM dependency upgrades: Prototype Pollution in lodash

Review changes
Download
Patches
Plain diff

Merged [SG-36530] NPM dependency upgrades: Prototype Pollution in lodash

contractors/SG-36530 into main

Overview 1
Commits 1
Pipelines 0
Changes 2

Merged Warren Gifford requested to merge contractors/SG-36530 into main 3 years ago

Overview 1
Commits 1
Pipelines 0
Changes 2

Created by: gitstart-sourcegraph

Descriptions

Dependabot alert here

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Checked dependencies: @percy/cli -> @percy/cli-* -> @percy/cli-command -> @oclif/plugin-help -> lodash.template@^4.5.0

Changes: Upgrade @percy/cli version