From cf7fdfcc596dfd97efec93fa21ae3694409b8a2c Mon Sep 17 00:00:00 2001
From: Zoltan Kochan <z@kochan.io>
Date: Wed, 28 Apr 2021 23:06:26 +0300
Subject: [PATCH] ci: audit the dependencies

---
 .github/workflows/ci.yml | 2 ++
 package.json             | 3 ++-
 pnpm-lock.yaml           | 7 ++-----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b0126ff2d9..807477ad25 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -37,6 +37,8 @@ jobs:
         curl -L https://get.pnpm.io/v6.js | node - add --global pnpm@next npm@7
     - name: pnpm install
       run: pnpm install
+    - name: Audit
+      run: pnpm audit
     - name: run tests (main)
       if: github.ref == 'refs/heads/main'
       run: pnpm run test-main
diff --git a/package.json b/package.json
index 4da6d1c88a..5d733c8b53 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,8 @@
       "istanbul-reports": "npm:@zkochan/istanbul-reports",
       "http-errors": "^1.7.3",
       "table@^6.0.3": "6.0.4",
-      "js-yaml@^4.0.0": "npm:@zkochan/js-yaml@0.0.4"
+      "js-yaml@^4.0.0": "npm:@zkochan/js-yaml@0.0.4",
+      "lodash@<4.17.19": "^4.17.9"
     },
     "neverBuiltDependencies": [
       "core-js",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 94888f3262..c05988c41c 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -9,6 +9,7 @@ overrides:
   http-errors: ^1.7.3
   table@^6.0.3: 6.0.4
   js-yaml@^4.0.0: npm:@zkochan/js-yaml@0.0.4
+  lodash@<4.17.19: ^4.17.9
 
 importers:
 
@@ -8634,7 +8635,7 @@ packages:
       cli-cursor: 1.0.2
       cli-width: 1.1.1
       figures: 1.7.0
-      lodash: 3.10.1
+      lodash: 4.17.21
       readline2: 1.0.1
       run-async: 0.1.0
       rx-lite: 3.1.2
@@ -9998,10 +9999,6 @@ packages:
     resolution: {integrity: sha1-lDbjTtJgk+1/+uGTYUQ1CRXZrdg=}
     dev: true
 
-  /lodash/3.10.1:
-    resolution: {integrity: sha1-W/Rejkm6QYnhfUgnid/RW9FAt7Y=}
-    dev: true
-
   /lodash/4.17.21:
     resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}