diff --git a/package-lock.json b/package-lock.json
index 486ec72c6..eff8f6317 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -328,9 +328,9 @@
       "dev": true
     },
     "lodash": {
-      "version": "4.17.19",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
     },
     "lolex": {
       "version": "4.2.0",
diff --git a/package.json b/package.json
index 8f5a739de..cbef73d45 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
   "dependencies": {
     "basic-auth": "2.0.1",
     "bluebird": "3.7.2",
-    "lodash": "4.17.19",
+    "lodash": "4.17.21",
     "promisify-any": "2.0.1",
     "statuses": "1.5.0",
     "type-is": "1.6.18"