commit | 960f8b99f2560409479159f521a013a3bafa0d15 | [log] [tgz] |
---|---|---|
author | Mitchell Kember <mkember@google.com> | Wed Jan 29 14:56:13 2020 -0800 |
committer | Mitchell Kember <mkember@google.com> | Wed Jan 29 15:12:50 2020 -0800 |
tree | 6ca77a83a52800b43289009acf068f6a24f1f49a | |
parent | 695da29783af80ce938392d7c4a9ce0f3cc3ec75 [diff] |
Fix package-lock.json and update lodash to 4.17.15 This CL removes a duplicate "}," line in package-lock.json, making it possibly to run `npm install` again. This line was probably introduced by a bad merge. This also updates lodash to 4.17.15 as recommended by `npm audit`, addressing the vulnerability https://nodesecurity.io/advisories/1065. The audit also reveals https://nodesecurity.io/advisories/813, a vulnerability in js-yaml used by mocha. This CL does not address this because it would mean going from major version 5 to 7 of mocha, and mocha is not affected by this vulnerability since it uses safeLoad (https://github.com/mochajs/mocha/issues/3880#issuecomment-484794696). Change-Id: I87277d63dd76259dcd8c2c9246f3ec2e4fd1889c