Releases: moccu/babel-browserslist-loader
Releases · moccu/babel-browserslist-loader
1.0.1
- Update dependencies to fix prototype pollution vulnerabilities
- CVE-2018-16487 - A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
- CVE-2018-16469 - The merge.recursive function in the merge package in versions before 1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
- Use latest @moccu/eslint-config