Version 4.2.5

analog-nico · analog-nico · commit fd52247d4ffd · 2019-11-03T16:40:45.000-08:00
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 ISC License
 
-Copyright (c) 2017, Nicolai Kamenzky, Ty Abonil, and contributors
+Copyright (c) 2019, Nicolai Kamenzky, Ty Abonil, and contributors
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
diff --git a/README.md b/README.md
@@ -645,6 +645,9 @@ If you want to debug a test you should use `gulp test-without-coverage` to run a
 
 ## Change History
 
+- v4.2.5 (2019-11-03)
+    - Security fix: bumped `request-promise-core` which bumps `lodash` to `^4.17.15`. See [vulnerabilty reports](https://snyk.io/vuln/search?q=lodash&type=npm).
+      *(Thanks to @rishabh-chowdhary for reporting this in pull request [#326](https://github.com/request/promise-core/pull/326).)*
 - v4.2.4 (2019-02-14)
     - Corrected mistakenly set `tough-cookie` version, now `^2.3.3`
       *(Thanks to @evocateur for pointing this out.)*
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "request-promise",
-  "version": "4.2.4",
+  "version": "4.2.5",
   "description": "The simplified HTTP request client 'request' with Promise support. Powered by Bluebird.",
   "keywords": [
     "xhr",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "request-promise",`
`3`		`- "version": "4.2.4",`
	`3`	`+ "version": "4.2.5",`
`4`	`4`	`"description": "The simplified HTTP request client 'request' with Promise support. Powered by Bluebird.",`
`5`	`5`	`"keywords": [`
`6`	`6`	`"xhr",`