From 170eaf5ef1e185e557d0c7fb8873cad4d831e7e8 Mon Sep 17 00:00:00 2001
From: vinodkumarsharma276
Date: Mon, 26 Dec 2022 21:10:51 +0530
Subject: [PATCH] Bump ramda to fix a vulnerability ** DISPUTED ** Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "proto") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes.
---
package.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 3b5ed33..e7802ae 100644
--- a/package.json
+++ b/package.json
@@ -30,7 +30,7 @@
 "dependencies": {
 "css": "2.2.4",
 "loader-utils": "1.1.0",
- "ramda": "0.21.0",
+ "ramda": "^0.27.1",
 "rx": "4.1.0",
 "traverse": "0.6.6",
 "xml2js": "0.4.17"
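Review bot: The new ramda entry uses a caret range, `"ramda": "^0.27.1"`, while every neighbouring dependency in the hunk (`css`, `loader-utils`, `rx`, `traverse`, `xml2js`) is pinned to an exact version, so the file's own convention and its reproducibility guarantee are broken for this one package; an exact pin, `"ramda": "0.27.1",`, keeps installs deterministic and still carries the fix the commit is after. The diffstat shows only package.json changed, so if the repository commits a lockfile it should be regenerated in the same change, otherwise installs that honour the lockfile will keep resolving 0.21.0 and the bump is cosmetic. Moving from 0.21.0 to 0.27.1 is a wide jump on a 0.x line, and the commit message does not say whether the project's ramda call sites were exercised against the new release; a sentence in the message recording that, and correcting the mangled "proto" to the property name the advisory actually refers to, would make the intent auditable. The hunk shows only part of the `dependencies` object; the enclosing JSON object begins and ends outside it.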