From 19e01a0309f0cbbf905d51d6f24f2be916562988 Mon Sep 17 00:00:00 2001
From: Ramya Payyavula
Date: Fri, 7 Aug 2020 11:42:58 -0500
Subject: [PATCH] Update package.json older version of babel and lodash has injection vulnerability. An attacker can inject malicious code via `sourceURL` since it is not sanitized for the user-provided code that leads to the `eval()` function.
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 100ed8d..75f8cf3 100644
--- a/package.json
+++ b/package.json
@@ -18,11 +18,11 @@
 "test": "mocha --check-leaks --slow 1e3 -r @babel/register"
 },
 "dependencies": {
- "lodash": "^4.17.4"
+ "lodash": "^4.17.19"
 },
 "devDependencies": {
 "@babel/cli": "^7.0.0-beta.44",
- "@babel/core": "^7.0.0-beta.44",
+ "@babel/core": "^7.11.2",
 "@babel/preset-env": "^7.0.0-beta.44",
 "@babel/register": "^7.0.0-beta.44",
 "babel-loader": "^8.0.0-beta.2",
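Review bot: Raising the floors to `"lodash": "^4.17.19"` and `"@babel/core": "^7.11.2"` does not by itself change what an existing checkout installs, because the old ranges `^4.17.4` and `^7.0.0-beta.44` already admitted those releases and the diffstat shows only package.json changed. If the repository commits a lockfile, it should be regenerated in the same commit so the resolved versions actually move, and the result confirmed with `npm audit`. The change also leaves `@babel/cli`, `@babel/preset-env` and `@babel/register` at `^7.0.0-beta.44`, so the Babel packages now declare mixed floors; raising them together to a stable 7.x floor would keep the toolchain on one release line. The hunk ends inside `devDependencies`, so later entries are not visible here.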