From 9aad253c77a38f35b647f4ad5a08277a1c2dbb91 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 1 Feb 2022 16:06:31 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:underscore.string:20170908 --- package.json | 2 +- yarn.lock | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 8bd88271..3ed12797 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "event-stream": "3.3.4", "grunt-contrib-copy": "^1.0.0", "susy": "^2.2.12", - "underscore.string": "3.3.5" + "underscore.string": "3.3.6" }, "devDependencies": { "autoprefixer": "^7.1.1", diff --git a/yarn.lock b/yarn.lock index b8f9ca83..c3c4bd59 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7997,9 +7997,10 @@ split@^1.0.0: dependencies: through "2" -sprintf-js@^1.0.3: +sprintf-js@^1.1.1: version "1.1.2" resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.2.tgz#da1765262bf8c0f571749f2ad6c26300207ae673" + integrity sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug== sprintf-js@~1.0.2: version "1.0.3" @@ -8696,11 +8697,12 @@ unc-path-regex@^0.1.2: version "0.1.2" resolved "https://registry.yarnpkg.com/unc-path-regex/-/unc-path-regex-0.1.2.tgz#e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa" -underscore.string@3.3.5: - version "3.3.5" - resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.5.tgz#fc2ad255b8bd309e239cbc5816fd23a9b7ea4023" +underscore.string@3.3.6: + version "3.3.6" + resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.6.tgz#ad8cf23d7423cb3b53b898476117588f4e2f9159" + integrity sha512-VoC83HWXmCrF6rgkyxS9GHv8W9Q5nhMKho+OadDJGzL2oDYbYEppBaCMH6pFlwLeqj2QS+hhkw2kpXkSdD1JxQ== dependencies: - sprintf-js "^1.0.3" + sprintf-js "^1.1.1" util-deprecate "^1.0.2" underscore.string@~3.2.3: