vital-ws / cve-based


Update dependency lodash to v4 [SECURITY] #34

Open developer-platform-dev[bot] opened 1 year ago

developer-platform-dev[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| lodash (source) | 1.0.0 -> 4.17.21 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2018-3721

Versions of lodash before 4.17.5 are vulnerable to prototype pollution.

The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.17.5 or later.

CVE-2018-16487

Versions of lodash before 4.17.11 are vulnerable to prototype pollution.

The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.17.11 or later.

CVE-2019-10744

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.17.12 or later.

CVE-2019-1010266

lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.

CVE-2020-28500

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Steps to reproduce (provided by reporter Liyuan Chen):

```js
var lo = require('lodash');

// Build "1", then n spaces, then "1": a long whitespace run that is not at the end of the string.
function build_blank(n) {
    var ret = "1";
    for (var i = 0; i < n; i++) {
        ret += " ";
    }
    return ret + "1";
}

var s = build_blank(50000);

// Time each affected function on the same input.
var time0 = Date.now();
lo.trim(s);
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);

var time1 = Date.now();
lo.toNumber(s);
var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);

var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
```

CVE-2021-23337

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.


Release Notes

lodash/lodash (lodash)

### [`v4.17.21`](https://togithub.com/lodash/lodash/compare/4.17.20...4.17.21)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.20...4.17.21)

### [`v4.17.20`](https://togithub.com/lodash/lodash/compare/4.17.19...4.17.20)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.19...4.17.20)

### [`v4.17.16`](https://togithub.com/lodash/lodash/compare/4.17.15...4.17.16)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.15...4.17.16)

### [`v4.17.15`](https://togithub.com/lodash/lodash/compare/4.17.14...4.17.15)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.14...4.17.15)

### [`v4.17.14`](https://togithub.com/lodash/lodash/compare/4.17.13...4.17.14)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.13...4.17.14)

### [`v4.17.13`](https://togithub.com/lodash/lodash/compare/4.17.12...4.17.13)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.12...4.17.13)

### [`v4.17.12`](https://togithub.com/lodash/lodash/compare/4.17.11...4.17.12)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.11...4.17.12)

### [`v4.17.11`](https://togithub.com/lodash/lodash/compare/4.17.10...4.17.11)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.10...4.17.11)

### [`v4.17.10`](https://togithub.com/lodash/lodash/compare/4.17.9...4.17.10)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.9...4.17.10)

### [`v4.17.9`](https://togithub.com/lodash/lodash/compare/4.17.5...4.17.9)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.5...4.17.9)

### [`v4.17.5`](https://togithub.com/lodash/lodash/compare/4.17.4...4.17.5)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.4...4.17.5)

### [`v4.17.4`](https://togithub.com/lodash/lodash/compare/4.17.3...4.17.4)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.3...4.17.4)

### [`v4.17.3`](https://togithub.com/lodash/lodash/compare/4.17.2...4.17.3)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.2...4.17.3)

### [`v4.17.2`](https://togithub.com/lodash/lodash/compare/4.17.1...4.17.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.1...4.17.2)

### [`v4.17.1`](https://togithub.com/lodash/lodash/compare/4.17.0...4.17.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.17.0...4.17.1)

### [`v4.17.0`](https://togithub.com/lodash/lodash/compare/4.16.6...4.17.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.6...4.17.0)

### [`v4.16.6`](https://togithub.com/lodash/lodash/compare/4.16.5...4.16.6)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.5...4.16.6)

### [`v4.16.5`](https://togithub.com/lodash/lodash/compare/4.16.4...4.16.5)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.4...4.16.5)

### [`v4.16.4`](https://togithub.com/lodash/lodash/compare/4.16.3...4.16.4)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.3...4.16.4)

### [`v4.16.3`](https://togithub.com/lodash/lodash/compare/4.16.2...4.16.3)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.2...4.16.3)

### [`v4.16.2`](https://togithub.com/lodash/lodash/compare/4.16.1...4.16.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.1...4.16.2)

### [`v4.16.1`](https://togithub.com/lodash/lodash/compare/4.16.0...4.16.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.16.0...4.16.1)

### [`v4.16.0`](https://togithub.com/lodash/lodash/compare/4.15.0...4.16.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.15.0...4.16.0)

### [`v4.15.0`](https://togithub.com/lodash/lodash/compare/4.14.2...4.15.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.14.2...4.15.0)

### [`v4.14.2`](https://togithub.com/lodash/lodash/compare/4.14.1...4.14.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.14.1...4.14.2)

### [`v4.14.1`](https://togithub.com/lodash/lodash/compare/4.14.0...4.14.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.14.0...4.14.1)

### [`v4.14.0`](https://togithub.com/lodash/lodash/compare/4.13.1...4.14.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.13.1...4.14.0)

### [`v4.13.1`](https://togithub.com/lodash/lodash/compare/4.13.0...4.13.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.13.0...4.13.1)

### [`v4.13.0`](https://togithub.com/lodash/lodash/compare/4.12.0...4.13.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.12.0...4.13.0)

### [`v4.12.0`](https://togithub.com/lodash/lodash/compare/4.11.2...4.12.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.11.2...4.12.0)

### [`v4.11.2`](https://togithub.com/lodash/lodash/compare/4.11.1...4.11.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.11.1...4.11.2)

### [`v4.11.1`](https://togithub.com/lodash/lodash/compare/4.11.0...4.11.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.11.0...4.11.1)

### [`v4.11.0`](https://togithub.com/lodash/lodash/compare/4.10.0...4.11.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.10.0...4.11.0)

### [`v4.10.0`](https://togithub.com/lodash/lodash/compare/4.9.0...4.10.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.9.0...4.10.0)

### [`v4.9.0`](https://togithub.com/lodash/lodash/compare/4.8.2...4.9.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.8.2...4.9.0)

### [`v4.8.2`](https://togithub.com/lodash/lodash/compare/4.8.1...4.8.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.8.1...4.8.2)

### [`v4.8.1`](https://togithub.com/lodash/lodash/compare/4.8.0...4.8.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.8.0...4.8.1)

### [`v4.8.0`](https://togithub.com/lodash/lodash/compare/4.7.0...4.8.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.7.0...4.8.0)

### [`v4.7.0`](https://togithub.com/lodash/lodash/compare/4.6.1...4.7.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.6.1...4.7.0)

### [`v4.6.1`](https://togithub.com/lodash/lodash/compare/4.6.0...4.6.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.6.0...4.6.1)

### [`v4.6.0`](https://togithub.com/lodash/lodash/compare/4.5.1...4.6.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.5.1...4.6.0)

### [`v4.5.1`](https://togithub.com/lodash/lodash/compare/4.5.0...4.5.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.5.0...4.5.1)

### [`v4.5.0`](https://togithub.com/lodash/lodash/compare/4.4.0...4.5.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.4.0...4.5.0)

### [`v4.4.0`](https://togithub.com/lodash/lodash/compare/4.3.0...4.4.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.3.0...4.4.0)

### [`v4.3.0`](https://togithub.com/lodash/lodash/compare/4.2.1...4.3.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.2.1...4.3.0)

### [`v4.2.1`](https://togithub.com/lodash/lodash/compare/4.2.0...4.2.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.2.0...4.2.1)

### [`v4.2.0`](https://togithub.com/lodash/lodash/compare/4.1.0...4.2.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.1.0...4.2.0)

### [`v4.1.0`](https://togithub.com/lodash/lodash/compare/4.0.1...4.1.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.0.1...4.1.0)

### [`v4.0.1`](https://togithub.com/lodash/lodash/compare/4.0.0...4.0.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/4.0.0...4.0.1)

### [`v4.0.0`](https://togithub.com/lodash/lodash/releases/tag/4.0.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.10.1...4.0.0)

### [lodash v4.0.0](https://togithub.com/lodash/lodash/wiki/Changelog#v400)

2015 was big year!
[Lodash](https://lodash.com/) became the [most depended on](https://gist.github.com/anvaka/8e8fa57c7ee1350e3491#file-01-most-dependent-upon-md) npm package, passed [1 billion](http://npm-stat.com/charts.html?package=\&author=jdalton) downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on [merging Lodash & Underscore](https://togithub.com/underdash/underdash/issues/14). Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 **would not be possible** without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with [several members](https://togithub.com/orgs/lodash/people) contributing to both libraries.

For 2016 & [lodash v4.0.0](https://togithub.com/lodash/lodash/wiki/Changelog#v400) we wanted to cut loose, push forward, & take things up a notch!

#### Modern only

With v4 we’re breaking free from [old projects](https://togithub.com/lodash-archive), old environments, & dropping [old IE < 9 support](https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support)!

#### 4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) [core build](https://togithub.com/lodash/lodash/tree/4.0.0/dist) that’s compatible with [Backbone v1.2.4](https://togithub.com/jashkenas/backbone/issues/3839) for folks who want Lodash without lugging around the kitchen sink.

#### More ES6

We’ve continued to embrace ES6 with methods like [\_.isSymbol](https://lodash.com/docs#isSymbol), added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable `_(…)`.

In addition, we’ve published an [es-build](https://togithub.com/lodash/lodash/tree/4.0.0-es/) & pulled [babel-plugin-lodash](https://togithub.com/lodash/babel-plugin-lodash) into core to make tree-shaking a breeze.

#### More Modular

Pop quiz! 📣

What category path does the `bindAll` method belong to? Is it

A) `require('lodash/function/bindAll')`
B) `require('lodash/utility/bindAll')`
C) `require('lodash/util/bindAll')`

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

```js
var bindAll = require('lodash/bindAll');
```

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like [Async](https://togithub.com/caolan/async/pull/996) & [Redux](https://togithub.com/rackt/redux/pull/611)!

#### 1st Class FP

With v3 we introduced [lodash-fp](https://togithub.com/lodash-archive/lodash-fp). We learned a lot & with v4 we decided to [pull it into core](https://togithub.com/lodash/lodash/wiki/FP-Guide).

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

```js
var _ = require('lodash/fp');
var object = { 'a': 1 };
var source = { 'b': 2 };
var newObject = _.assign(source)(object);

console.log(newObject);
// => { 'a': 1, 'b': 2 }

console.log(object);
// => { 'a': 1 }

var convert = require('lodash/fp/convert');
var assign = convert('assign', require('lodash.assign'));
// works too!
```

#### Chakra Optimized

Well actually, while we’re [excited about Chakra](https://blogs.windows.com/msedgedev/2016/01/13/chakracore-now-open/), Lodash is optimized for great performance across **all engines**. Unlike many libraries, we don’t favor a single engine so we can deliver solid performance & support regardless of engine.

With v4 we’ve continued our commitment to performance; expanding support for lazy evaluation & improving the performance of core functionality like circular reference detection.

#### Emojis

Taking things up a notch Lodash v4 has added support for emojis!
Includes things like [astral symbols](https://twitter.com/jdalton/status/643438391498010624), [unicode modifiers](https://twitter.com/jdalton/status/647236920448172032), [variation selector characters](https://twitter.com/jdalton/status/645144377229078528), [zero-width joiners](https://twitter.com/jdalton/status/644783287508926464), & [regional indicator symbols](https://twitter.com/jdalton/status/644781038221201408).

#### Breaking changes

We’ve introduced more breaking changes in this release than any other so be sure to check out the [changelog](https://togithub.com/lodash/lodash/wiki/Changelog#compatibility-warnings) for a full rundown of changes & give [lodash-migrate](https://www.npmjs.com/package/lodash-migrate) a spin to help migrate older Lodash code to the latest release.

If you dig Lodash don’t forget to [star the repo](https://togithub.com/lodash/lodash/stargazers) or `npm star lodash`!

### [`v3.10.1`](https://togithub.com/lodash/lodash/compare/3.10.0...3.10.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.10.0...3.10.1)

### [`v3.10.0`](https://togithub.com/lodash/lodash/compare/3.9.3...3.10.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.9.3...3.10.0)

### [`v3.9.3`](https://togithub.com/lodash/lodash/compare/3.9.2...3.9.3)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.9.2...3.9.3)

### [`v3.9.0`](https://togithub.com/lodash/lodash/compare/3.8.0...3.9.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.8.0...3.9.0)

### [`v3.8.0`](https://togithub.com/lodash/lodash/compare/3.7.0...3.8.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.7.0...3.8.0)

### [`v3.7.0`](https://togithub.com/lodash/lodash/compare/3.6.0...3.7.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.6.0...3.7.0)

### [`v3.6.0`](https://togithub.com/lodash/lodash/compare/3.5.0...3.6.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.5.0...3.6.0)

### [`v3.5.0`](https://togithub.com/lodash/lodash/compare/3.4.0...3.5.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.4.0...3.5.0)

### [`v3.4.0`](https://togithub.com/lodash/lodash/compare/3.3.1...3.4.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.3.1...3.4.0)

### [`v3.3.1`](https://togithub.com/lodash/lodash/compare/3.3.0...3.3.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.3.0...3.3.1)

### [`v3.3.0`](https://togithub.com/lodash/lodash/compare/3.2.0...3.3.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.2.0...3.3.0)

### [`v3.2.0`](https://togithub.com/lodash/lodash/compare/3.1.0...3.2.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.1.0...3.2.0)

### [`v3.1.0`](https://togithub.com/lodash/lodash/compare/3.0.1...3.1.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.0.1...3.1.0)

### [`v3.0.1`](https://togithub.com/lodash/lodash/compare/3.0.0...3.0.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/3.0.0...3.0.1)

### [`v3.0.0`](https://togithub.com/lodash/lodash/releases/tag/3.0.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.4.2...3.0.0)

### lodash v3.0.0

After a little over a year & more than [2,000](https://togithub.com/lodash/lodash/graphs/contributors?from=2013-12-01\&type=c) [commits](https://togithub.com/lodash/lodash-cli/graphs/contributors?from=2013-12-01\&type=c) we’re excited to release [lodash v3.0.0](https://togithub.com/lodash/lodash/tree/3.0.0). lodash follows [semantic versioning](http://semver.org/) so with this major release we’ve taken the opportunity to clean house & make [some back-compat breaking changes](https://togithub.com/lodash/lodash/wiki/Changelog#compatibility-warnings). We’ll get into that in a bit, but first lets talk about all the cool things this release has to offer.

#### String methods

By popular demand we surveyed the utility landscape for a cross-section of string APIs to add to lodash.
We settled on 17 string methods: [\_.camelCase](https://lodash.com/docs#camelCase), [\_.capitalize](https://lodash.com/docs#capitalize), [\_.deburr](https://lodash.com/docs#deburr), [\_.endsWith](https://lodash.com/docs#endsWith), [\_.escapeRegExp](https://lodash.com/docs#escapeRegExp), [\_.kebabCase](https://lodash.com/docs#kebabCase), [\_.pad](https://lodash.com/docs#pad), [\_.padLeft](https://lodash.com/docs#padLeft), [\_.padRight](https://lodash.com/docs#padRight), [\_.repeat](https://lodash.com/docs#repeat), [\_.snakeCase](https://lodash.com/docs#snakeCase), [\_.startsWith](https://lodash.com/docs#startsWith), [\_.trim](https://lodash.com/docs#trim), [\_.trimLeft](https://lodash.com/docs#trimLeft), [\_.trimRight](https://lodash.com/docs#trimRight), [\_.trunc](https://lodash.com/docs#trunc), & [\_.words](https://lodash.com/docs#words)

There’s familiar methods from ES5, like `_.trim`, & ES6, like `_.endsWith`, `_.repeat`, & `_.startsWith`, as well as some lesser known methods like `_.deburr` & `_.kebabCase`.

```js
// trims whitespace like `String#trim` but
// also allows specifying characters to trim
_.trim(' abc ');
// → 'abc'
_.trim('-_-abc-_-', '_-');
// → 'abc'

// works great with `_.map` too
_.map([' foo ', ' bar '], _.trim);
// → ['foo', 'bar']

// deburr diacritical marks (http://en.wikipedia.org/wiki/Diacritic)
_.deburr('déjà vu');
// → 'deja vu'

// similar to a `dasherize` or `slugify` method
_.kebabCase('foo bar');
// → 'foo-bar'
```

Following casing rules with methods like `_.camelCase`, `_.kebabCase`, & `_.snakeCase` allows for strings to be transformed from say camel case, to kebab case, to snake case, & back again.

```js
_.camelCase(_.snakeCase(_.kebabCase('fooBar')));
// → 'fooBar'
```

#### ES is our jam

Previous versions of lodash added `_.assign`, `_.find`, `_.findIndex`, & ES template delimiter support.

In this release we’re taking our ES adoption up a notch by aligning `_.includes`, `_.isFinite`, & `_.keys`, supporting typed arrays in `_.clone` & `_.isEqual`, using `Set` & `WeakMap` for [performance](http://jsperf.com/array-object-unique/2#chart=bar)-[gains](http://jsperf.com/weakmap-wrap#chart=bar), allowing `Map` & `WeakMap` to be used as [\_.memoize.Cache](https://lodash.com/docs/#memoize), & supporting [ES modularized builds](https://togithub.com/lodash/lodash/tree/3.0.0-es) with [lodash-cli](https://www.npmjs.com/package/lodash-cli).

#### Functional goodies

There’s lots of functional goodies in v3 like `_.ary`, `_.curryRight`, `_.flow`, `_.rearg`, & support for customizable argument placeholders in `_.bind`, `_.bindKey`, `_.curry`, `_.curryRight`, `_.partial`, & `_.partialRight`.

```js
// infomercial fail
_.map(['6', '8', '10'], parseInt);
// → [6, NaN, 2]

// using a placeholder to pass over the
// `string` parameter & specify a `radix` of `0`
_.map(['6', '8', '10'], _.partial(parseInt, _, 0));
// → [6, 8, 10]

// is equivalent to
_.map(['6', '8', '10'], function(value) {
  return parseInt(value, 0);
});

// customize `_.partial.placeholder`
_.partial.placeholder = '_';
_.map(['6', '8', '10'], _.partial(parseInt, '_', 0));
// → [6, 8, 10]
```

Also several methods now [work out-of-the-box](https://togithub.com/lodash/lodash/wiki/Changelog#notable-changes) as iteratees for methods like `_.map` & `_.reduce`

```js
_.map(['6', '8', '10'], _.parseInt);
// → [6, 8, 10]

_.map([['a', 'a'], ['b', 'b']], _.uniq);
// → [['a'], ['b']]

_.reduce([{ 'b': 2 }, { 'c': 3 }], _.assign, { 'a': 1 });
// → { 'a': 1, 'b': 2, 'c': 3}
```

We’ve heard from some functional programming fans that lodash wasn’t *functional enough*, often citing our method signatures as an issue. To ease composition & currying they’d prefer methods like `_.filter` be `predicate` first & `collection` second instead of `collection` first & `predicate` second.
![Butter-side up](http://cdn.static.ovimg.com/episode/3092831.jpg)

It’d be a shame for those fans to lose out on lodash over something as little as method signatures so with v3 we’ve added `_.ary` & `_.rearg`. The `_.ary` method sets the argument cap of a function & `_.rearg` rearranges the arguments provided to a function.

```js
// cap the number arguments provided to `parseInt` at one
_.map(['6', '8', '10'], _.ary(parseInt, 1));
// → [6, 8, 10]

// create a `filter` that’s predicate-first
var filter = _.rearg(_.filter, 1, 0);
filter('a', [{ 'a': 0 }, { 'a': 1 }]);
// → [{ 'a': 1 }]

// create an `includes` that’s auto-curried & needle-first
var includes = _(_.includes).ary(2).rearg(1, 0).curry(2).value();
includes(2)([1, 2, 3]);
// → true
```

You can also use individual packages like [lodash.ary](https://www.npmjs.com/package/lodash.ary), [lodash.curry](https://www.npmjs.com/package/lodash.curry), & [lodash.rearg](https://www.npmjs.com/package/lodash.rearg) to convert functions.

```js
var ary = require('lodash.ary'),
    curry = require('lodash.curry'),
    rearg = require('lodash.rearg');

var getobject = require('getobject'),
    get = curry(rearg(ary(getobject, 2), [1, 0]), 2);

get('a.b.c')({ 'a': { 'b': { 'c': 'foo' } } });
// → 'foo'
```

Combined with [\_.runInContext](https://lodash.com/docs#runInContext) you could easily create a version of lodash with auto-curried iteratee-first methods. In fact, that’s what [we’ve done](https://togithub.com/lodash/lodash-fp/blob/0.1.0/index.js)! Introducing [lodash-fp](https://www.npmjs.com/package/lodash-fp).

```js
var items = [
  { 'value': _.constant(['a', 'b']) },
  { 'value': _.constant(['b', 'c']) }
];

var getValues = _.flow(
  _.map(_.result('value')),
  _.flatten,
  _.uniq
);

getValues(items);
// => ['a', 'b', 'c']

_.map(parseInt)(['6', '08', '10']);
// → [6, 8, 10]
```

lodash reduces the cost of method wrapping produced by `_.ary`, `_.curry`, & `_.rearg` by using a `WeakMap` to store function metadata. In this way a function is only wrapped once even though it may have `_.ary`, `_.curry`, & `_.rearg` applied.

#### Modules, modules, modules

In lodash v2 we introduced [npm packages](https://www.npmjs.com/browse/keyword/lodash-modularized) per-method as well as bundles of modules for AMD & Node.js. With v3 we’ve improved [lodash-cli’s](https://www.npmjs.com/package/lodash-cli) ability to inline dependencies allowing us to easily customize inlining per method, enabling a better balance between deep dependency graphs & code duplication.
v2 dep graph v3 dep graph
In addition all modularized dependencies now use the `^` version range, instead of the `~`, so they’ll update as needed without you having to worry about it. Moving forward all per-method packages will be independently updated, instead of in bulk, because `lodash-cli` will soon be able to detect changes in packages & automatically bump patch/minor version numbers.

The [lodash](https://www.npmjs.com/package/lodash) & [lodash-compat](https://www.npmjs.com/package/lodash-compat) npm packages now come with modules baked in too. Perfect for [browserify](http://browserify.org/) and [webpack](http://webpack.github.io/)!

```js
// load the modern build
var _ = require('lodash');
// or a method category
var array = require('lodash/array');
// or a method
var chunk = require('lodash/array/chunk');
```

The method modules are organized by category so they’re [easy to find](https://lodash.com/docs).

lodash is available in a variety of other builds & module formats.

- npm packages for [modern](https://www.npmjs.com/package/lodash), [compatibility](https://www.npmjs.com/package/lodash-compat), & [per method](https://www.npmjs.com/browse/keyword/lodash-modularized) builds
- AMD modules for [modern](https://togithub.com/lodash/lodash/tree/3.0.0-amd) & [compatibility](https://togithub.com/lodash/lodash-compat/tree/3.0.0-amd) builds
- ES modules for the [modern](https://togithub.com/lodash/lodash/tree/3.0.0-es) build

#### Performance

We’ve improved performance 20-40% overall in v3 by better utilizing the JIT in JavaScript engines, using internal helper functions that avoid optimization disqualifications & increase the likelihood of function inlining.

![performance comparison v3 vs v2](http://f.cl.ly/items/421w03451o322E1i1Y0S/perf-compare.png)

In v3 we’ve also introduced [lazily evaluated](http://filimanjaro.com/blog/2014/introducing-lazy-evaluation/) chaining for [massive performance wins](http://jsperf.com/lazy-demo#chart=bar) in certain scenarios. As mentioned above we’re using `Set` & `WeakMap` for [performance](http://jsperf.com/array-object-unique/2#chart=bar)-[gains](http://jsperf.com/weakmap-wrap#chart=bar) which all modern browsers, Node.js, & io.js can benefit from.

#### Breaking changes

lodash v3 is a major bump & we’ve introduced several back-compat breaking changes. One such change is that while we still [test against](https://saucelabs.com/u/lodash) Underscore/Backbone unit tests we’re no longer supporting an Underscore/Backbone build. Over the last year we’ve seen Underscore align more & more with lodash’s API so the need for a separate Underscore build has diminished. If you still need compatibility around some of the edges we recommend leveraging modules in lodash v3 to supplement your Underscore use.

Be sure to check out the [changelog](https://togithub.com/lodash/lodash/wiki/Changelog#compatibility-warnings-1) for a full rundown of changes & give [lodash-migrate](https://www.npmjs.com/package/lodash-migrate) a spin to help migrate older lodash code to the latest release.

#### New Core Member

In closing I want to welcome [Benjamin Tan](https://twitter.com/bnjmnt4n) ([bnjmnt4n](https://togithub.com/bnjmnt4n)) as an official core member. Without the efforts of [contributors](https://togithub.com/lodash/lodash/graphs/contributors), like Benjamin, lodash v3 would not have happened.

If you dig lodash v3 don't forget to star the repo or `npm star lodash`!
### [`v2.4.2`](https://togithub.com/lodash/lodash/compare/2.4.1...2.4.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.4.1...2.4.2)

### [`v2.4.1`](https://togithub.com/lodash/lodash/compare/2.4.0...2.4.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.4.0...2.4.1)

### [`v2.4.0`](https://togithub.com/lodash/lodash/compare/2.3.0...2.4.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.3.0...2.4.0)

### [`v2.3.0`](https://togithub.com/lodash/lodash/compare/2.2.1...2.3.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.2.1...2.3.0)

### [`v2.2.1`](https://togithub.com/lodash/lodash/compare/2.2.0...2.2.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.2.0...2.2.1)

### [`v2.2.0`](https://togithub.com/lodash/lodash/compare/2.1.0...2.2.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.1.0...2.2.0)

### [`v2.1.0`](https://togithub.com/lodash/lodash/compare/2.0.0...2.1.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/2.0.0...2.1.0)

### [`v2.0.0`](https://togithub.com/lodash/lodash/compare/1.3.1...2.0.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.3.1...2.0.0)

### [`v1.3.1`](https://togithub.com/lodash/lodash/compare/1.3.0...1.3.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.3.0...1.3.1)

### [`v1.3.0`](https://togithub.com/lodash/lodash/compare/1.2.1...1.3.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.2.1...1.3.0)

### [`v1.2.1`](https://togithub.com/lodash/lodash/compare/1.2.0...1.2.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.2.0...1.2.1)

### [`v1.2.0`](https://togithub.com/lodash/lodash/compare/1.1.1...1.2.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.1.1...1.2.0)

### [`v1.1.1`](https://togithub.com/lodash/lodash/compare/1.1.0...1.1.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.1.0...1.1.1)

### [`v1.1.0`](https://togithub.com/lodash/lodash/compare/1.0.2...1.1.0)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.0.2...1.1.0)

### [`v1.0.2`](https://togithub.com/lodash/lodash/compare/1.0.1...1.0.2)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.0.1...1.0.2)

### [`v1.0.1`](https://togithub.com/lodash/lodash/compare/1.0.0...1.0.1)
[Compare Source](https://togithub.com/lodash/lodash/compare/1.0.0...1.0.1)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
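
The two prototype-pollution vectors named in the advisories above (`__proto__` and `{constructor: {prototype: {...}}}`), run against a naive deep merge and a hardened one, plus an input-boundary check. This is an added example, not lodash's code and not part of the PR; `naiveMerge`, `safeMerge`, `findBlockedPaths`, `leaksToAllObjects` and the `pollutedDemo` marker are hypothetical names, and the JSON payloads are constructed.

```javascript
// Constructed sample inputs: the two payload shapes the advisories describe,
// as they would arrive after JSON.parse of untrusted request data.
const MARKER = 'pollutedDemo'; // hypothetical property name used only here
const PROTO_PAYLOAD = `{"__proto__": {"${MARKER}": true}}`;
const CTOR_PAYLOAD = `{"constructor": {"prototype": {"${MARKER}": true}}}`;

// Keys that let a recursive merge reach Object.prototype from a plain object.
// Assumption: blocking all three outright is acceptable for the application.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  if (v === null || typeof v !== 'object') return false;
  const proto = Object.getPrototypeOf(v);
  return proto === Object.prototype || proto === null;
}

// Unsafe pattern: descends into whatever target[key] resolves to, including
// the inherited __proto__ accessor and the inherited constructor function.
function naiveMerge(target, source) {
  const canDescend = (v) =>
    v !== null && (typeof v === 'object' || typeof v === 'function');
  for (const key of Object.keys(source)) {
    const src = source[key];
    const dst = target[key];
    if (canDescend(src) && canDescend(dst)) naiveMerge(dst, src);
    else target[key] = src;
  }
  return target;
}

// Hardened form: skips blocked keys and only descends into own plain objects.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (!isPlainObject(src)) {
      target[key] = src;
      continue;
    }
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (!own || !isPlainObject(target[key])) target[key] = {};
    safeMerge(target[key], src);
  }
  return target;
}

// Input-boundary check: list the key paths in parsed input that match either
// vector, so the request can be rejected or logged before any merge runs.
function findBlockedPaths(value, path = []) {
  const hits = [];
  if (value === null || typeof value !== 'object') return hits;
  for (const key of Object.keys(value)) {
    const here = path.concat(key);
    const child = value[key];
    if (key === '__proto__') {
      hits.push(here.join('.'));
    } else if (key === 'constructor' && child !== null &&
               typeof child === 'object' &&
               Object.prototype.hasOwnProperty.call(child, 'prototype')) {
      hits.push(here.concat('prototype').join('.'));
    } else {
      hits.push(...findBlockedPaths(child, here));
    }
  }
  return hits;
}

// True if merging the payload made MARKER visible on an unrelated object.
// Object.prototype is always restored before returning.
function leaksToAllObjects(mergeFn, payloadJson) {
  try {
    mergeFn({}, JSON.parse(payloadJson));
    return ({})[MARKER] !== undefined;
  } finally {
    delete Object.prototype[MARKER];
  }
}

for (const [name, fn] of [['naiveMerge', naiveMerge], ['safeMerge', safeMerge]]) {
  console.log(name, '__proto__ vector leaks:', leaksToAllObjects(fn, PROTO_PAYLOAD));
  console.log(name, 'constructor vector leaks:', leaksToAllObjects(fn, CTOR_PAYLOAD));
}
console.log('flagged paths:', findBlockedPaths(JSON.parse(CTOR_PAYLOAD)));
```

Upgrading lodash removes the library-side flaw; a boundary check like `findBlockedPaths` still helps with hand-written merges elsewhere in a code base.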