From 6498be1290b24e8911278df724b49670e80c684b Mon Sep 17 00:00:00 2001
From: analog-nico <nicolai.kamenzky@testrails.org>
Date: Sun, 3 Nov 2019 17:03:44 -0800
Subject: [PATCH] Version 1.0.8

---
 LICENSE      | 2 +-
 README.md    | 3 +++
 package.json | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/LICENSE b/LICENSE
index d9e1a9d..99b246f 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 ISC License
 
-Copyright (c) 2017, Nicolai Kamenzky and contributors
+Copyright (c) 2019, Nicolai Kamenzky and contributors
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
diff --git a/README.md b/README.md
index 77c7a38..8578c67 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,9 @@ If you want to debug a test you should use `gulp test-without-coverage` to run a
 
 ## Change History
 
+- v1.0.8 (2019-11-03)
+    - Security fix: bumped `request-promise-core` which bumps `lodash` to `^4.17.15`. See [vulnerabilty reports](https://snyk.io/vuln/search?q=lodash&type=npm).
+      *(Thanks to @aw-davidson for reporting this in issue [#49](https://github.com/request/request-promise-native/issues/49).)*
 - v1.0.7 (2019-02-14)
     - Corrected mistakenly set `tough-cookie` version, now `^2.3.3`
       *(Thanks to @evocateur for pointing this out.)*
diff --git a/package.json b/package.json
index 887d436..f5d472b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "request-promise-native",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "The simplified HTTP request client 'request' with Promise support. Powered by native ES6 promises.",
   "keywords": [
     "xhr",