Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Coverage remained the same at 100.0% when pulling 433f3441d54d1aa6387a00d6b4a10a21d37b9119 on renovate/npm-lodash-vulnerability into 715c2abd290f2b39eb16f45558aa91626026f5aa on master.
This PR contains the following updates:
4.17.11
->4.17.13
GitHub Vulnerability Alerts
CVE-2019-10744
Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Release Notes
lodash/lodash
### [`v4.17.13`](https://togithub.com/lodash/lodash/compare/4.17.12...4.17.13)Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Enabled.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "
rebase!
".:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot. View repository job log here.