Skip to content

Update dependency lodash to v4.17.13 [SECURITY]

Warren Gifford requested to merge renovate/npm-lodash-vulnerability into master

Created by: renovate[bot]

This PR contains the following updates:

Package Type Update New value References Sourcegraph
lodash (source) dependencies patch ^4.17.11 homepage, source code search for "lodash"

GitHub Vulnerability Alerts

CVE-2019-10744

Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.


Release Notes

lodash/lodash

v4.17.13

Compare Source


Renovate configuration

📅 Schedule: "" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

Merge request reports

Loading