首頁 探索 說明
註冊 登入
ylproj
/
jupyterlab
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

Merge pull request #6812 from afshin/lodash-security-patch

Update lodash.mergewith to safe version.
Ian Rose 5 年之前
父節點
2083f7be46 cf9a929164
當前提交
621ae2a760
共有 2 個文件被更改,包括 9 次插入9 次删除
分割檢視 顯示文件統計
  1. 2 2
      jupyterlab/staging/yarn.lock
  2. 7 7
      yarn.lock

+ 2 - 2
jupyterlab/staging/yarn.lock
查看文件 

@@ -3929,7 +3929,7 @@ lodash.isstring@^4.0.1:
 
   resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
 
   integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
 
 
-lodash.mergewith@^4.6.1:
 
+lodash.mergewith@^4.6.2:
 
   version "4.6.2"
 
   resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz#617121f89ac55f59047c7aec1ccd6654c6590f55"
 
   integrity sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==
 
@@ -5290,7 +5290,7 @@ sanitize-html@~1.20.1:
 
     lodash.escaperegexp "^4.1.2"
 
     lodash.isplainobject "^4.0.6"
 
     lodash.isstring "^4.0.1"
 
-    lodash.mergewith "^4.6.1"
 
+    lodash.mergewith "^4.6.2"
 
     postcss "^7.0.5"
 
     srcset "^1.0.0"
 
     xtend "^4.0.1"

+ 7 - 7
yarn.lock
查看文件 

@@ -7380,7 +7380,7 @@ karma-ie-launcher@^1.0.0:
 
   resolved "https://registry.yarnpkg.com/karma-ie-launcher/-/karma-ie-launcher-1.0.0.tgz#497986842c490190346cd89f5494ca9830c6d59c"
 
   integrity sha1-SXmGhCxJAZA0bNifVJTKmDDG1Zw=
 
   dependencies:
 
-    lodash "^4.6.1"
 
+    lodash "^4.6.2"
 
 
 karma-mocha-reporter@^2.2.5:
 
   version "2.2.5"
 
@@ -7738,10 +7738,10 @@ lodash.isstring@^4.0.1:
 
   resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
 
   integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
 
 
-lodash.mergewith@^4.6.1:
 
-  version "4.6.1"
 
-  resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.1.tgz#639057e726c3afbdb3e7d42741caa8d6e4335927"
 
-  integrity sha512-eWw5r+PYICtEBgrBE5hhlT6aAa75f411bgDz/ZL2KZqYV03USvucsxcHUIlGTDTECs1eunpI7HOV7U+WLDvNdQ==
 
+lodash.mergewith@^4.6.2:
 
+  version "4.6.2"
 
+  resolved "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz#617121f89ac55f59047c7aec1ccd6654c6590f55"
 
+  integrity sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==
 
 
 lodash.set@^4.3.2:
 
   version "4.3.2"
 
@@ -7773,7 +7773,7 @@ lodash.uniq@^4.5.0:
 
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
 
   integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=
 
 
-lodash@^4.0.0, lodash@^4.17.0, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@^4.6.1:
 
+lodash@^4.0.0, lodash@^4.17.0, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.2.1, lodash@^4.6.2:
 
   version "4.17.11"
 
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
 
   integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
 
@@ -10291,7 +10291,7 @@ sanitize-html@~1.20.1:
 
     lodash.escaperegexp "^4.1.2"
 
     lodash.isplainobject "^4.0.6"
 
     lodash.isstring "^4.0.1"
 
-    lodash.mergewith "^4.6.1"
 
+    lodash.mergewith "^4.6.2"
 
     postcss "^7.0.5"
 
     srcset "^1.0.0"
 
     xtend "^4.0.1"