Closed renovate[bot] closed 5 years ago
This PR contains the following updates:
4.17.10
4.17.11
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".
rebase!
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot. View repository job log here.
This PR contains the following updates:
4.17.10->4.17.11GitHub Vulnerability Alerts
CVE-2018-16487
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Release Notes
lodash/lodash
### [`v4.17.11`](https://togithub.com/lodash/lodash/compare/4.17.4...4.17.11) [Compare Source](https://togithub.com/lodash/lodash/compare/4.17.10...4.17.11)Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "
rebase!".:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot. View repository job log here.