security: update dependency lodash

FantasticFiasco · Jul 18, 2020 · bb8551b · bb8551b
1 parent 5923450
commit bb8551b
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 
 - Support for GNU Affero General Public License v3.0 only (AGPL-3.0-only) licenses
 
+### :policeman: Security
+
+- Security vulnerability in transient dependency `lodash`
+
 ## [1.1.3] - 2020-07-14
 
 ### :syringe: Fixed

diff --git a/package.json b/package.json
@@ -43,6 +43,7 @@
     "@actions/http-client": ">=1.0.8",
     "acorn": ">=7.1.1",
     "kind-of": ">=6.0.3",
+    "lodash": ">=4.17.19",
     "minimist": ">=1.2.2"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -2668,10 +2668,10 @@ lodash.sortby@^4.7.0:
   resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
   integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=
 
-lodash@^4.17.13, lodash@^4.17.15:
-  version "4.17.15"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
-  integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
+lodash@>=4.17.19, lodash@^4.17.13, lodash@^4.17.15:
+  version "4.17.19"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
+  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
 
 log-driver@^1.2.7:
   version "1.2.7"