chore(dependencies): update dependency object-path to v0.11.5 [security]

[renovate[bot]]

This PR contains the following updates:

Package	Type	Update	Change
object-path	dependencies	patch	0.11.4 -> 0.11.5

GitHub Vulnerability Alerts

CVE-2020-15256

Impact

A prototype pollution vulnerability has been found in object-path <= 0.11.4 affecting the set() method. The vulnerability is limited to the includeInheritedProps mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of object-path and setting the option includeInheritedProps: true, or by using the default withInheritedProps instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of set() in versions < 0.11.0 is vulnerable.

Patches

Upgrade to version >= 0.11.5

Workarounds

Don't use the includeInheritedProps: true options or the withInheritedProps instance if using a version >= 0.11.0.

References

Read more about the prototype pollution vulnerability

For more information

If you have any questions or comments about this advisory:

• Open an issue in object-path

---

Release Notes

mariocasciaro/object-path

### [`v0.11.5`](https://togithub.com/mariocasciaro/object-path/compare/99d9d30087493f6def258ddfb45d34029f5ce4eb...63324602658f0860a25bde311b0087625dfee439) [Compare Source](https://togithub.com/mariocasciaro/object-path/compare/99d9d30087493f6def258ddfb45d34029f5ce4eb...63324602658f0860a25bde311b0087625dfee439)

---

Renovate configuration

:date: Schedule: "" (UTC).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.