Update mixin-deep to 1.3.2
What does this MR do?
Updates mixin-deep from 1.3.1 to 1.3.2 to address a Prototype Pollution vulnerability, which exists in mixin-deep package, versions >=2.0.0 <2.0.1 || <1.3.2 (CVE-2019-10746).
- from: https://www.npmjs.com/package/mixin-deep/v/1.3.1
- to: https://www.npmjs.com/package/mixin-deep/v/1.3.2
- 2 commits (github.com): https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2
- Synk ID: https://app.snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
mixin-deep package is required by webpack.
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [n/a] Documentation created/updated or follow-up review issue created
-
Code review guidelines -
Merge request performance guidelines - [n/a] Style guides
- [n/a] Database guides
- [n/a] Separation of EE specific content
Performance and testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
Security
- [n/a] Label as security and @ mention
@gitlab-com/gl-security/appsec - [n/a] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [n/a] Security reports checked/validated by a reviewer from the AppSec team
Closes #63945 (closed)
Edited by Takuya Noguchi