From f1230789c05fad1aece0eb2637740cb6c84a9f72 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 23 Feb 2021 04:14:43 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 --- package-lock.json | 16 +++++++++++++--- package.json | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index d39b8b3b0e..edf1aa93bf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12256,9 +12256,9 @@ } }, "lodash": { - "version": "4.17.15", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", - "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "lodash._baseassign": { "version": "3.2.0", @@ -17008,6 +17008,16 @@ "pac-resolver": "^3.0.0", "raw-body": "^2.2.0", "socks-proxy-agent": "^4.0.1" + }, + "dependencies": { + "https-proxy-agent-snyk-fork": { + "version": "git://github.com/snyk/node-https-proxy-agent.git#5e86ccb682d0c833c8daa25ee6f91c670161cd66", + "from": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln", + "requires": { + "agent-base": "^4.3.0", + "debug": "^3.1.0" + } + } } }, "pac-resolver": { diff --git a/package.json b/package.json index 17b43b1ce9..421880f091 100644 --- a/package.json +++ b/package.json @@ -77,7 +77,7 @@ "helmet": "^3.21.1", "imagemin-pngquant": "~6.0.0", "jasmine-core": "~3.0.0", - "lodash": "^4.17.15", + "lodash": "^4.17.21", "lusca": "^1.5.2", "method-override": "^2.3.10", "mongoose": "^4.13.19",