From 17d8f5a6529c01ac7bfc4e6c1b16fb20c2b6427e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 25 Jul 2020 19:18:14 +0200
Subject: [PATCH] [[FIX]] Update Lodash to latest 4.17.19 (#3494)

Address vulnerability of type "Prototype Pollution in lodash" https://github.com/advisories/GHSA-p6mc-m468-83gw

It is not sure whether this is at all relevant for jshint, but at the moment, GitHub's Dependabot sends vulnerability alerts to all respositories with a dependency to jshint, e.g.
https://github.com/alexandrainst/node-red-contrib-parser-ini/network/alert/package-lock.json/lodash/open

So it would be nice to issue a new jshint release ASAP to offer an easy way forward for those projects with a (dev) dependency to jshint.

https://github.com/lodash/lodash/wiki/Changelog
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 6b96a6c656..479534810f 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
     "console-browserify": "1.1.x",
     "exit": "0.1.x",
     "htmlparser2": "3.8.x",
-    "lodash": "~4.17.11",
+    "lodash": "~4.17.19",
     "minimatch": "~3.0.2",
     "shelljs": "0.3.x",
     "strip-json-comments": "1.0.x"