diff --git a/src/bindings/ejdb2_node/Changelog b/src/bindings/ejdb2_node/Changelog index 2176cc85e..757948a7e 100644 --- a/src/bindings/ejdb2_node/Changelog +++ b/src/bindings/ejdb2_node/Changelog @@ -1,3 +1,7 @@ +ejdb2_node (1.0.4) + + * fixed CVE-2019-10744 https://github.com/lodash/lodash/pull/4336 + ejdb2_node (1.0.2) * Initial release (#248). \ No newline at end of file diff --git a/src/bindings/ejdb2_node/package.json b/src/bindings/ejdb2_node/package.json index 846ef0635..4e80edad2 100644 --- a/src/bindings/ejdb2_node/package.json +++ b/src/bindings/ejdb2_node/package.json @@ -1,6 +1,6 @@ { "name": "ejdb2_node", - "version": "1.0.4", + "version": "1.0.5", "repository": "https://github.com/Softmotions/ejdb.git", "author": "Anton Adamansky ", "description": "EJDB2 Node.js native binding", @@ -45,6 +45,9 @@ "ava": "^2.2.0", "chai": "^4.2.0" }, + "resolutions": { + "lodash.merge": "4.6.2" + }, "keywords": [ "ejdb", "ejdb2", diff --git a/src/bindings/ejdb2_node/yarn.lock b/src/bindings/ejdb2_node/yarn.lock index 3a8f86b3f..79af7a6c3 100644 --- a/src/bindings/ejdb2_node/yarn.lock +++ b/src/bindings/ejdb2_node/yarn.lock @@ -1899,10 +1899,10 @@ lodash.islength@^4.0.1: resolved "https://registry.yarnpkg.com/lodash.islength/-/lodash.islength-4.0.1.tgz#4e9868d452575d750affd358c979543dc20ed577" integrity sha1-Tpho1FJXXXUK/9NYyXlUPcIO1Xc= -lodash.merge@^4.6.1: - version "4.6.1" - resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.1.tgz#adc25d9cb99b9391c59624f379fbba60d7111d54" - integrity sha512-AOYza4+Hf5z1/0Hztxpm2/xiPZgi/cjMqdnKTUWTBSKchJlxXXuUSxCCl8rJlf4g6yww/j6mA8nC8Hw/EZWxKQ== +lodash.merge@4.6.2, lodash.merge@^4.6.1: + version "4.6.2" + resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" + integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== lodash@^4.17.11: version "4.17.11"