Skip to content
This repository was archived by the owner on Mar 4, 2020. It is now read-only.

chore(package): bump lodash#1700

Merged
miroslavstastny merged 6 commits intomasterfrom
chore/lodash-bumo
Aug 13, 2019
Merged

chore(package): bump lodash#1700
miroslavstastny merged 6 commits intomasterfrom
chore/lodash-bumo

Conversation

@layershifter
Copy link
Member

@layershifter layershifter commented Jul 22, 2019

Security upgrade

lodash@4.17.11 contains a security vulnerability:

I also have to upgrade snyk and syncpack because they had direct dependency on vulnerable version.

@DustyTheBot
Copy link
Collaborator

DustyTheBot commented Jul 22, 2019
edited
Loading

Warnings
⚠️ Package (or peer) dependencies changed. Make sure you have approval before merging!

Changed dependencies are detected.

Changed dependencies in packages/react/package.json

package before after
lodash ^4.17.11 ^4.17.15

Changed dependencies are detected.

Changed dependencies in packages/react-proptypes/package.json

package before after
lodash ^4.17.11 ^4.17.15

Generated by 🚫 dangerJS

@codecov
Copy link

codecov bot commented Jul 22, 2019
edited
Loading

Codecov Report

Merging #1700 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #1700   +/-   ##
=======================================
  Coverage   70.03%   70.03%           
=======================================
  Files         867      867           
  Lines        7433     7433           
  Branches     2164     2164           
=======================================
  Hits         5206     5206           
  Misses       2219     2219           
  Partials        8        8

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4574256...f71488f. Read the comment docs.

levithomason
levithomason approved these changes Jul 23, 2019
View reviewed changes
Copy link
Member

@levithomason levithomason left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@miroslavstastny miroslavstastny merged commit ab1d1a6 into master Aug 13, 2019
@delete-merged-branch delete-merged-branch bot deleted the chore/lodash-bumo branch August 13, 2019 10:53
layershifter added a commit that referenced this pull request Aug 19, 2019
@layershifter
chore(package): bump lodash (#1700)
968fa29 
* wip

* yarn.lock

* Add lodash@4.17.15 to approved dependencies

* changelog

(cherry picked from commit ab1d1a6)
@layershifter layershifter mentioned this pull request Aug 19, 2019
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dvdzkwsk dvdzkwsk Awaiting requested review from dvdzkwsk

@kuzhelov kuzhelov Awaiting requested review from kuzhelov

@miroslavstastny miroslavstastny Awaiting requested review from miroslavstastny miroslavstastny is a code owner

@mnajdova mnajdova Awaiting requested review from mnajdova

1 more reviewer

@levithomason levithomason levithomason approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

🗑️ chore 🚀 ready for review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@layershifter @DustyTheBot @levithomason @miroslavstastny