Require lodash v4.17.21

Addresses GHSA-35jh-r3h4-6jhm Removes previous resolutions for lodash and adds a single resolution. Also, bumps @types/lodash from 4.14.159 to 4.14.170. Signed-off-by: Tommy Markley <markleyt@amazon.com>
opensearch-project · Jun 29, 2021 · 0ae8375 · 0ae8375
1 parent afb56c4
commit 0ae8375
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 18 deletions.
diff --git a/package.json b/package.json
@@ -80,14 +80,13 @@
     "**/ejs": "^3.1.6",
     "**/fast-deep-equal": "^3.1.1",
     "**/glob-parent": "^6.0.0",
-    "**/graphql-toolkit/lodash": "^4.17.15",
     "**/hoist-non-react-statics": "^3.3.2",
     "**/immer": "^8.0.1",
     "**/isomorphic-fetch/node-fetch": "^2.6.1",
     "**/istanbul-instrumenter-loader/schema-utils": "^1.0.0",
     "**/kind-of": ">=6.0.3",
-    "**/load-grunt-config/lodash": "^4.17.20",
     "**/locutus": "^2.0.14",
+    "**/lodash": "^4.17.21",
     "**/merge": "^2.1.1",
     "**/minimist": "^1.2.5",
     "**/node-jose/node-forge": "^0.10.0",
@@ -297,7 +296,7 @@
     "@types/json5": "^0.0.30",
     "@types/license-checker": "15.0.0",
     "@types/listr": "^0.14.0",
-    "@types/lodash": "^4.14.159",
+    "@types/lodash": "^4.14.170",
     "@types/lru-cache": "^5.1.0",
     "@types/markdown-it": "^0.0.7",
     "@types/minimatch": "^2.0.29",

diff --git a/packages/osd-config-schema/package.json b/packages/osd-config-schema/package.json
@@ -14,7 +14,7 @@
     "tsd": "^0.16.0"
   },
   "peerDependencies": {
-    "lodash": "^4.17.15",
+    "lodash": "^4.17.21",
     "joi": "^13.5.2",
     "moment": "^2.24.0",
     "type-detect": "^4.0.8"

diff --git a/packages/osd-pm/package.json b/packages/osd-pm/package.json
@@ -25,7 +25,7 @@
     "@types/glob": "^7.1.3",
     "@types/globby": "^8.0.0",
     "@types/has-ansi": "^3.0.0",
-    "@types/lodash": "^4.14.159",
+    "@types/lodash": "^4.14.170",
     "@types/log-symbols": "^2.0.0",
     "@types/ncp": "^2.0.1",
     "@types/node": ">=10.17.17 <10.20.0",

diff --git a/packages/osd-telemetry-tools/package.json b/packages/osd-telemetry-tools/package.json
@@ -18,7 +18,7 @@
     "@osd/utility-types": "1.0.0",
     "@types/normalize-path": "^3.0.0",
     "normalize-path": "^3.0.0",
-    "@types/lodash": "^4.14.159",
+    "@types/lodash": "^4.14.170",
     "moment": "^2.24.0",
     "typescript": "4.0.2"
   }

diff --git a/packages/osd-test/package.json b/packages/osd-test/package.json
@@ -18,7 +18,7 @@
     "@osd/dev-utils": "1.0.0",
     "@osd/utils": "1.0.0",
     "@types/joi": "^13.4.2",
-    "@types/lodash": "^4.14.159",
+    "@types/lodash": "^4.14.170",
     "@types/parse-link-header": "^1.0.0",
     "@types/strip-ansi": "^5.2.1",
     "@types/xml2js": "^0.4.5",

diff --git a/yarn.lock b/yarn.lock
@@ -3938,21 +3938,11 @@
   dependencies:
     "@types/lodash" "*"
 
-"@types/lodash@*":
+"@types/lodash@*", "@types/lodash@^4.14.160", "@types/lodash@^4.14.170":
   version "4.14.170"
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.170.tgz#0d67711d4bf7f4ca5147e9091b847479b87925d6"
   integrity sha512-bpcvu/MKHHeYX+qeEN8GE7DIravODWdACVA1ctevD8CN24RhPZIKMn9ntfAsrvLfSX3cR5RrBKAbYm9bGs0A+Q==
 
-"@types/lodash@^4.14.159":
-  version "4.14.159"
-  resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.159.tgz#61089719dc6fdd9c5cb46efc827f2571d1517065"
-  integrity sha512-gF7A72f7WQN33DpqOWw9geApQPh4M3PxluMtaHxWHXEGSN12/WbcEk/eNSqWNQcQhF66VSZ06vCF94CrHwXJDg==
-
-"@types/lodash@^4.14.160":
-  version "4.14.161"
-  resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.161.tgz#a21ca0777dabc6e4f44f3d07f37b765f54188b18"
-  integrity sha512-EP6O3Jkr7bXvZZSZYlsgt5DIjiGr0dXP1/jVEwVLTFgg0d+3lWVQkRavYVQszV7dYUwvg0B8R0MBDpcmXg7XIA==
-
 "@types/log-symbols@^2.0.0":
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/@types/log-symbols/-/log-symbols-2.0.0.tgz#7919e2ec3c8d13879bfdcab310dd7a3f7fc9466d"