This PR updates the lodash and svg-sprite-data dependency versions to patch the vulnerability found below. I also went ahead and ignored some common Yarn and NPM files.
✗ Low severity vulnerability found in lodash
Description: Prototype Pollution
Info: https://snyk.io/vuln/npm:lodash:20180130
Introduced through: lodash@4.14.1, svg-sprite-data@3.1.0
From: lodash@4.14.1
From: svg-sprite-data@3.1.0 > lodash@4.14.1
Remediation:
Upgrade direct dependency lodash@4.14.1 to lodash@4.17.5 (triggers upgrades to lodash@4.17.5)
Some paths have no direct dependency upgrade that can address this issue. Run `snyk wizard` to explore remediation options.
This PR updates the
lodash
andsvg-sprite-data
dependency versions to patch the vulnerability found below. I also went ahead and ignored some common Yarn and NPM files.This PR assumes that https://github.com/shakyShane/svg-sprite-data/pull/8 will be merged.