From e549a7fb1f364395c20522e5395e22a2bf434ed0 Mon Sep 17 00:00:00 2001 From: Takuya Noguchi Date: Mon, 1 Jul 2019 18:49:53 +0900 Subject: Update mixin-deep to 1.3.2 To address a Prototype Pollution vulnerability, which exists in `mixin-deep` package, versions `>=2.0.0 <2.0.1 || <1.3.2` (CVE-2019-10746). - Diff: https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2 - Synk ID: https://app.snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 Signed-off-by: Takuya Noguchi --- changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml | 5 +++++ yarn.lock | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml diff --git a/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml b/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml new file mode 100644 index 00000000000..a0ef34f3700 --- /dev/null +++ b/changelogs/unreleased/63945-update-mixin-deep-to-1-3-2.yml @@ -0,0 +1,5 @@ +--- +title: Update mixin-deep to 1.3.2 +merge_request: 30223 +author: Takuya Noguchi +type: other diff --git a/yarn.lock b/yarn.lock index 07b4e20fc5f..901f7fbd6fb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7534,9 +7534,9 @@ mississippi@^3.0.0: through2 "^2.0.0" mixin-deep@^1.2.0: - version "1.3.1" - resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.1.tgz#a49e7268dce1a0d9698e45326c5626df3543d0fe" - integrity sha512-8ZItLHeEgaqEvd5lYBXfm4EZSFCX29Jb9K+lAHhDKzReKBQKj3R+7NOF6tjqYi9t4oI8VUfaWITJQm86wnXGNQ== + version "1.3.2" + resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566" + integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA== dependencies: for-in "^1.0.2" is-extendable "^1.0.1" -- cgit v1.2.1