From 26e8d703fc42d78d8aecb913267f2a818d6cf3fc Mon Sep 17 00:00:00 2001
From: Matt Brophy
Date: Tue, 16 Jul 2019 17:35:05 -0400
Subject: [PATCH] Pin lodash to >=4.17.13 for security reasons
See:
- https://github.com/lodash/lodash/pull/4336
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
---
 package-lock.json | 6 +++---
 package.json | 3 ++-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 1d49c4b..e84c78d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3923,9 +3923,9 @@
 }
 },
 "lodash": {
- "version": "4.17.11",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
- "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==",
+ "version": "4.17.14",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.14.tgz",
+ "integrity": "sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw==",
 "dev": true
 },
 "lodash.sortby": {
diff --git a/package.json b/package.json
index 551e3a2..76ba0cf 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,7 @@
 "eslint-plugin-import": "2.18.0",
 "eslint-plugin-jest": "22.7.2",
 "husky": "3.0.0",
- "jest": "24.8.0"
+ "jest": "24.8.0",
+ "lodash": "4.17.14"
 }
 }
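Review bot: The added `"lodash": "4.17.14"` entry in package.json only controls the top-level (hoisted) copy, so it does not by itself guarantee that every lodash in the tree is patched. The lockfile hunk updates a single `"lodash"` entry, and whether other packages carry their own nested lodash entries elsewhere in package-lock.json cannot be seen from this patch. Confirm with `npm ls lodash` that every resolved copy is at or above 4.17.13 before treating the advisory as closed. The entry is also an exact pin while the subject line says `>=4.17.13`; since package.json cannot hold a comment, record the reason for the pin in the README or changelog so it can be dropped once upstream packages require a fixed lodash themselves. The enclosing dependency object opens above the hunk, so treating it as a dev-only dependency is inferred from `"dev": true` in the lockfile.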