summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml5
-rw-r--r--yarn.lock12
2 files changed, 11 insertions, 6 deletions
diff --git a/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml b/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml
new file mode 100644
index 00000000000..cd8885233de
--- /dev/null
+++ b/changelogs/unreleased/64416-lodash-4-6-2-for-prototype-pollution.yml
@@ -0,0 +1,5 @@
+---
+title: Update lodash to 4.7.14 and lodash.mergewith to 4.6.2
+merge_request: 30602
+author: Takuya Noguchi
+type: security
diff --git a/yarn.lock b/yarn.lock
index dc5e0662396..949a9b087bf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6992,9 +6992,9 @@ lodash.kebabcase@4.1.1:
integrity sha1-hImxyw0p/4gZXM7KRI/21swpXDY=
lodash.mergewith@^4.6.0:
- version "4.6.0"
- resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz#150cf0a16791f5903b8891eab154609274bdea55"
- integrity sha1-FQzwoWeR9ZA7iJHqsVRgknS96lU=
+ version "4.6.2"
+ resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz#617121f89ac55f59047c7aec1ccd6654c6590f55"
+ integrity sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==
lodash.snakecase@4.1.1:
version "4.1.1"
@@ -7012,9 +7012,9 @@ lodash.upperfirst@4.3.1:
integrity sha1-E2Xt9DFIBIHvDRxolXpe2Z1J984=
lodash@^4.0.0, lodash@^4.13.1, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.5.0, lodash@~4.17.10:
- version "4.17.11"
- resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
- integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
+ version "4.17.14"
+ resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba"
+ integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw==
log-symbols@^2.0.0, log-symbols@^2.1.0, log-symbols@^2.2.0:
version "2.2.0"