DynamoDB client for NodeJS and browser with a fluent api to build requests. We take care of the type mapping between JS and DynamoDB, customizable trough typescript decorators.
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Coverage remained the same at 94.811% when pulling 99c34b4f4b6cf01188a36206e4da0557d2a534a4 on renovate/npm-lodash-vulnerability into 5c25d3977bbe33a9b2a04ef36e425ad3ecebd284 on master.
This PR contains the following updates:
4.17.11
->4.17.13
4.17.11
->4.17.13
GitHub Vulnerability Alerts
CVE-2019-10744
Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Release Notes
lodash/lodash
### [`v4.17.13`](https://togithub.com/lodash/lodash/compare/4.17.12...4.17.13) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.11...4.17.13)Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "
rebase!
".:no_bell: Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot. View repository job log here.