From 50c6e39dec2a342997249ff2b4f68493090707c2 Mon Sep 17 00:00:00 2001
From: "bart.hooghe" <bart.hooghe@ocado.com>
Date: Thu, 27 Jun 2019 15:51:52 +0100
Subject: [PATCH 1/2] fix(security): bumping lodash to fixed version

---
 package.json | 2 +-
 yarn.lock    | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index e3d34ff9..e9c0b02f 100644
--- a/package.json
+++ b/package.json
@@ -104,7 +104,7 @@
     "can-use-dom": "^0.1.0",
     "google-maps-infobox": "^2.0.0",
     "invariant": "^2.2.1",
-    "lodash": "^4.16.2",
+    "lodash": "4.17.11",
     "marker-clusterer-plus": "^2.1.4",
     "markerwithlabel": "^2.0.1",
     "prop-types": "^15.5.8",
diff --git a/yarn.lock b/yarn.lock
index 2a8bdddb..db4819ae 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5436,7 +5436,11 @@ lodash.uniq@^4.5.0:
   version "4.5.0"
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
 
-"lodash@>=3.5 <5", lodash@^4.0.0, lodash@^4.13.1, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.16.2, lodash@^4.17.2, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0:
+lodash@4.17.11:
+  version "4.17.11"
+  resolved "http://maven.ocado.com/nexus/content/groups/npm-web-release-group/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
+
+"lodash@>=3.5 <5", lodash@^4.0.0, lodash@^4.13.1, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.17.2, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0:
   version "4.17.4"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae"
 

From a036534330d43d07f31b9b87aa56fb27c07a08fc Mon Sep 17 00:00:00 2001
From: "bart.hooghe" <bart.hooghe@ocado.com>
Date: Thu, 27 Jun 2019 16:49:16 +0100
Subject: [PATCH 2/2] fix(security): bumping lodash to fixed version, from yarn
 registry

---
 yarn.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/yarn.lock b/yarn.lock
index db4819ae..f30d32ef 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5438,7 +5438,7 @@ lodash.uniq@^4.5.0:
 
 lodash@4.17.11:
   version "4.17.11"
-  resolved "http://maven.ocado.com/nexus/content/groups/npm-web-release-group/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
 
 "lodash@>=3.5 <5", lodash@^4.0.0, lodash@^4.13.1, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.17.2, lodash@^4.17.3, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0:
   version "4.17.4"