Update dependency lodash to v4.17.21 [SECURITY] #12
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
9c87d91 to
1c6fd75
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
1c6fd75 to
63b5da9
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
2 times, most recently
from
37c1fa6 to
1c9859a
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
1c9859a to
1e06ed5
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
1e06ed5 to
56a8700
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
56a8700 to
974ebe9
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
974ebe9 to
805eda3
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
805eda3 to
72f49c6
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
72f49c6 to
c59cadd
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
c59cadd to
7a9e34f
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
7a9e34f to
34d39fb
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
34d39fb to
9f3d869
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
9f3d869 to
33483be
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
33483be to
f489dba
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
f489dba to
0b44e95
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
0b44e95 to
5aa1227
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
5aa1227 to
0a0841e
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
11 times, most recently
from
442a03a to
f3a8896
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
12 times, most recently
from
3ef85cb to
0db543d
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
0db543d to
38d5d68
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
38d5d68 to
f284864
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
f284864 to
dfc79b3
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
dfc79b3 to
2aab579
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
2 times, most recently
from
e4814dd to
b560934
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
b560934 to
b294c26
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
3 times, most recently
from
4afb1e1 to
04f025b
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
2 times, most recently
from
da6f4c0 to
23aec4b
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
23aec4b to
acc3753
Compare
renovate
bot
force-pushed
the
renovate/npm-lodash-vulnerability
branch
from
acc3753 to
2cbdf5d
Compare
renovate
bot
changed the title
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.17.10->4.17.21GitHub Vulnerability Alerts
CVE-2021-23337
lodashversions prior to 4.17.21 are vulnerable to Command Injection via the template function.CVE-2020-8203
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.
This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
Release Notes
lodash/lodash
v4.17.21Compare Source
v4.17.20Compare Source
v4.17.16Compare Source
v4.17.15Compare Source
v4.17.14Compare Source
v4.17.13Compare Source
v4.17.12Compare Source
v4.17.11Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.