Skip to content

Commit

Permalink
updated lodash and lodash.merge dependencies to newer version. (#16214)
Browse files Browse the repository at this point in the history 
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.
CVE-2019-10744

Co-authored-by: Andrii Kozin <[email protected]>
  • Loading branch information
@sbalia @andrii-z4i
sbalia and andrii-z4i authored May 10, 2022
1 parent 7a764c1 commit 634a6eb
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 12 deletions.
20 changes: 10 additions & 10 deletions Tasks/AppCenterTestV1/package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Tasks/AppCenterTestV1/task.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"author": "Microsoft Corporation",
"version": {
"Major": 1,
"Minor": 198,
"Minor": 205,
"Patch": 0
},
"groups": [
Expand Down
2 changes: 1 addition & 1 deletion Tasks/AppCenterTestV1/task.loc.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"author": "Microsoft Corporation",
"version": {
"Major": 1,
"Minor": 198,
"Minor": 205,
"Patch": 0
},
"groups": [
Expand Down

0 comments on commit 634a6eb

Please sign in to comment.