Skip to content

Commit 2ecd89f

Browse files
mc-jonesmc-jones
authored
Merge pull request #3726 from artsy/mob/PLATFORM-4080/prototype-pollution-set-value
security: upgrade union-value transitive dependecy to resolve CVE-2019-10747
2 parents b80acc0 + 6f105f8 commit 2ecd89f

File tree

1 file changed

+9
-19
lines changed

1 file changed

+9
-19
lines changed

yarn.lock

+9-19
Original file line numberDiff line numberDiff line change
@@ -7012,7 +7012,7 @@ is-plain-obj@^1.1.0:
70127012
resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-1.1.0.tgz#71a50c8429dfca773c92a390a4a03b39fcd51d3e"
70137013
integrity sha1-caUMhCnfync8kqOQpKA7OfzVHT4=
70147014

7015-
is-plain-object@^2.0.1, is-plain-object@^2.0.3, is-plain-object@^2.0.4:
7015+
is-plain-object@^2.0.3, is-plain-object@^2.0.4:
70167016
version "2.0.4"
70177017
resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
70187018
integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==
@@ -11119,20 +11119,10 @@ set-blocking@^2.0.0, set-blocking@~2.0.0:
1111911119
resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
1112011120
integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc=
1112111121

11122-
set-value@^0.4.3:
11123-
version "0.4.3"
11124-
resolved "https://registry.yarnpkg.com/set-value/-/set-value-0.4.3.tgz#7db08f9d3d22dc7f78e53af3c3bf4666ecdfccf1"
11125-
integrity sha1-fbCPnT0i3H945Trzw79GZuzfzPE=
11126-
dependencies:
11127-
extend-shallow "^2.0.1"
11128-
is-extendable "^0.1.1"
11129-
is-plain-object "^2.0.1"
11130-
to-object-path "^0.3.0"
11131-
11132-
set-value@^2.0.0:
11133-
version "2.0.0"
11134-
resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.0.tgz#71ae4a88f0feefbbf52d1ea604f3fb315ebb6274"
11135-
integrity sha512-hw0yxk9GT/Hr5yJEYnHNKYXkIA8mVJgd9ditYZCe16ZczcaELYYcfvaXesNACk2O8O0nTiPQcQhGUQj8JLzeeg==
11122+
set-value@^2.0.0, set-value@^2.0.1:
11123+
version "2.0.1"
11124+
resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
11125+
integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==
1113611126
dependencies:
1113711127
extend-shallow "^2.0.1"
1113811128
is-extendable "^0.1.1"
@@ -12411,14 +12401,14 @@ unified@^6.0.0:
1241112401
x-is-string "^0.1.0"
1241212402

1241312403
union-value@^1.0.0:
12414-
version "1.0.0"
12415-
resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.0.tgz#5c71c34cb5bad5dcebe3ea0cd08207ba5aa1aea4"
12416-
integrity sha1-XHHDTLW61dzr4+oM0IIHulqhrqQ=
12404+
version "1.0.1"
12405+
resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"
12406+
integrity sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==
1241712407
dependencies:
1241812408
arr-union "^3.1.0"
1241912409
get-value "^2.0.6"
1242012410
is-extendable "^0.1.1"
12421-
set-value "^0.4.3"
12411+
set-value "^2.0.1"
1242212412

1242312413
uniq@^1.0.1:
1242412414
version "1.0.1"

0 commit comments

Comments
 (0)