From 810286d69c2ea3f0cff9a2ee1249e046dd39a5eb Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Tue, 4 May 2021 20:38:24 +0000
Subject: [PATCH] build(deps): [security] bump merge from 1.2.1 to 2.1.1

Bumps [merge](https://github.com/yeikos/js.merge) from 1.2.1 to 2.1.1. **This update includes a security fix.**
- [Release notes](https://github.com/yeikos/js.merge/releases)
- [Commits](https://github.com/yeikos/js.merge/compare/v1.2.1...v2.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 packages/core/utils/package.json | 2 +-
 yarn.lock                        | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/packages/core/utils/package.json b/packages/core/utils/package.json
index a87274049f..8d14cc8c3e 100644
--- a/packages/core/utils/package.json
+++ b/packages/core/utils/package.json
@@ -66,7 +66,7 @@
     "fuzzy": "0.1.3",
     "glob": "7.1.4",
     "globule": "1.2.1",
-    "merge": "1.2.1",
+    "merge": "2.1.1",
     "multihashes": "0.4.14",
     "ora": "4.0.3",
     "pretty-ms": "5.1.0",
diff --git a/yarn.lock b/yarn.lock
index 702715e531..d3876fea78 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -15150,7 +15150,12 @@ merge2@^1.2.3:
   resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.2.4.tgz#c9269589e6885a60cf80605d9522d4b67ca646e3"
   integrity sha512-FYE8xI+6pjFOhokZu0We3S5NKCirLbCzSh2Usf3qEyr4X8U+0jNg9P8RZ4qz+V2UoECLVwSyzU3LxXBaLGtD3A==
 
-merge@1.2.1, merge@^1.2.0:
+merge@2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/merge/-/merge-2.1.1.tgz#59ef4bf7e0b3e879186436e8481c06a6c162ca98"
+  integrity sha512-jz+Cfrg9GWOZbQAnDQ4hlVnQky+341Yk5ru8bZSe6sIDTCIg8n9i/u7hSQGSVOF3C7lH6mGtqjkiT9G4wFLL0w==
+
+merge@^1.2.0:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/merge/-/merge-1.2.1.tgz#38bebf80c3220a8a487b6fcfb3941bb11720c145"
   integrity sha512-VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ==