FormidableLabs / babel-plugin-transform-define

Compile time code replacement for babel similar to Webpack's DefinePlugin
MIT License
245 stars 31 forks

Update lodash to fix low vulnerability #51

Closed pdf13 closed 6 years ago

pdf13 commented 6 years ago

Description

Packages that use babel-plugin-transform-define are receiving a warning on npm audit of a Prototype Pollution problem. This is already fixed on lodash, so this commit updates the patch of it to version 4.17.10, so this warning will disappear.

How to test

  1. Run tests and check that nothing is broken
  2. Create a draft project with babel-plugin-transform-define and run npm audit with and without this change. Check that there is a low vulnerability before, that is fixed with this PR.

pdf13 commented 6 years ago

@baer This is a very simple and tiny PR. Would you mind reviewing it for us?

GaxZE commented 6 years ago

Would be good to get this merged and released.

Just realised... 925 files changed? Would it be better to just update lodash in package.json?

boygirl commented 6 years ago

@pdf13 It looks like this PR has altered the .gitignore and adds all of node_modules to version control. We won't be able to merge this PR because of this, so I'm going to close it.
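
As a complement to the npm audit comparison in the PR's "How to test" steps, the following added example (not part of the PR or the project's code) lists every lodash copy in a lockfile that resolves below 4.17.10, the version named in the PR description. It goes slightly beyond the thread by reading both the nested (lockfileVersion 1) and flat (lockfileVersion 2/3) layouts; the sample lockfile and its 0.0.0-sample version string are constructed.

```javascript
// Added example, not project code. MIN_LODASH is the version named in the PR description.
const MIN_LODASH = "4.17.10";

// Numeric x.y.z comparison. Prerelease suffixes are ignored and non-numeric parts
// count as 0, so an unparseable version is flagged for manual review (assumption).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function findOldLodash(lock, min = MIN_LODASH) {
  const hits = [];
  const check = (where, info) => {
    if (info && typeof info.version === "string" && compareVersions(info.version, min) < 0) {
      hits.push({ path: where, version: info.version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key === "node_modules/lodash" || key.endsWith("/node_modules/lodash")) check(key, info);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees, one level per nested install.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === "lodash") check(path.join(" > "), info);
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample: a top-level lodash at the fixed version and an older nested copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "babel-plugin-transform-define": { version: "0.0.0-sample", dependencies: { lodash: { version: "4.17.4" } } },
    lodash: { version: "4.17.10" },
  },
};
console.log(findOldLodash(sampleLock));
```

A nested copy like the one in the sample is why bumping only the top-level dependency can leave the audit warning in place.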