Bump lodash for a security vulnerability

CVE-2019-10744 lodash/lodash#4336 This is not critical since we only use lodash in development
nebulab · Jul 17, 2019 · 3cca7ff · 3cca7ff
1 parent 7f35c94
commit 3cca7ff
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/guides/package.json b/guides/package.json
@@ -20,6 +20,7 @@
     "cross-env": "^3.2.3",
     "css-loader": "^0.28.9",
     "extract-text-webpack-plugin": "^3.0.2",
+    "lodash": "^4.17.13",
     "node-sass": "sass/node-sass#v5",
     "postcss-loader": "~2.1.1",
     "randomatic": ">=3.0.0",

diff --git a/guides/yarn.lock b/guides/yarn.lock
@@ -3792,6 +3792,11 @@ lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.4, lodash@^4.17.5:
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
   integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
 
+lodash@^4.17.13:
+  version "4.17.14"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba"
+  integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw==
+
 longest@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/longest/-/longest-1.0.1.tgz#30a0b2da38f73770e8294a0d22e6625ed77d0097"