[Security] Bump lodash.template from 4.4.0 to 4.5.0 #190

dependabot-preview · 2019-07-11T00:14:04Z

Bumps lodash.template from 4.4.0 to 4.5.0. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects lodash, lodash-es, lodash-amd, lodash.template, lodash.merge, lodash.mergewith, and lodash.defaultsdeep
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Affected versions: < 4.5.0

Commits

ab73503 Bump to v4.5.0.
a4f7d4c Rebuild lodash and docs.
cca5ac6 Fix npm-test by removing the call to test-docs.
9f7f9fc Adjust heading order. [ci skip]
6e2fb92 Remove unused baseArity.
4f702e2 Specify utf8 encoding.
b188f90 Add fp tests for iteratee shorthands.
7b93dc9 Ensure clone methods clone expando properties of boolean, number, & string ob...
664d66a Make string tests more consistent.
d9dc0e6 Add _.invertBy tests.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yaml file in this repo:

Update frequency (including time of day and day of week)
Automerge options (never/patch/minor, and dev/runtime dependencies)
Pull request limits (per update run and/or open at any time)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

Bumps [lodash.template](https://github.com/lodash/lodash) from 4.4.0 to 4.5.0. **This update includes security fixes.** - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.4.0...4.5.0) Signed-off-by: dependabot-preview[bot] <[email protected]>

dependabot-preview bot requested a review from a team as a code owner July 11, 2019 00:14

dependabot-preview bot added dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability labels Jul 11, 2019

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 4 times, most recently from 145bd0f to 1e41555 Compare July 15, 2019 13:09

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 4 times, most recently from 6908d6e to 165f0da Compare July 29, 2019 12:56

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 2 times, most recently from 19c4006 to 2ab3004 Compare August 5, 2019 13:32

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 3 times, most recently from 511c6ca to 2874c2f Compare August 12, 2019 15:41

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 5 times, most recently from 66a0506 to 4ac5561 Compare August 26, 2019 16:25

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 3 times, most recently from c71bcf3 to c435575 Compare September 2, 2019 17:05

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 3 times, most recently from 2ef5089 to 4b92af5 Compare September 16, 2019 17:09

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 2 times, most recently from e9d1050 to 2bb6919 Compare September 23, 2019 17:18

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 2bb6919 to 8077524 Compare September 30, 2019 18:52

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 2 times, most recently from 2c50557 to 15b38da Compare September 30, 2019 18:59

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 3 times, most recently from bc0b149 to 7c01d12 Compare October 7, 2019 19:21

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 5 times, most recently from ae7b95a to 41c16d3 Compare October 21, 2019 12:20

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 41c16d3 to 590386f Compare October 28, 2019 12:23

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch 3 times, most recently from b2c9fb2 to 1ecd7fd Compare November 18, 2019 12:37

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 1ecd7fd to 2d6982d Compare November 18, 2019 19:18

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 2d6982d to 99f5f92 Compare March 13, 2020 21:53

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 99f5f92 to c06b2ba Compare August 17, 2020 22:48

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from c06b2ba to d327925 Compare December 10, 2020 17:29

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from d327925 to e59d96f Compare March 8, 2021 12:25

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from e59d96f to 721729c Compare March 29, 2021 17:11

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 721729c to dabe2fe Compare April 16, 2021 22:10

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from dabe2fe to 6d2c7c6 Compare May 6, 2021 17:07

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from 6d2c7c6 to c4c47a6 Compare June 21, 2021 12:19

dependabot-preview bot force-pushed the dependabot/npm_and_yarn/lodash.template-4.5.0 branch from c4c47a6 to 17da946 Compare August 3, 2021 19:14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Bump lodash.template from 4.4.0 to 4.5.0 #190

[Security] Bump lodash.template from 4.4.0 to 4.5.0 #190

dependabot-preview bot commented Jul 11, 2019 •

edited

Loading

[Security] Bump lodash.template from 4.4.0 to 4.5.0 #190

Are you sure you want to change the base?

[Security] Bump lodash.template from 4.4.0 to 4.5.0 #190

Conversation

dependabot-preview bot commented Jul 11, 2019 • edited Loading

dependabot-preview bot commented Jul 11, 2019 •

edited

Loading