Commit 844f0c5

📦 (deps-dev) lodash@4.17.23 [SECURITY] [skip ci] (#2515)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Adoption](https://docs.renovatebot.com/merge-confidence/) | [Passing](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|
| [lodash](https://lodash.com/) ([source](https://redirect.github.com/lodash/lodash)) | [`4.17.21` → `4.17.23`](https://renovatebot.com/diffs/npm/lodash/4.17.21/4.17.23) | ![age](https://developer.mend.io/api/mc/badges/age/npm/lodash/4.17.23?slim=true) | ![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/lodash/4.17.23?slim=true) | ![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/lodash/4.17.21/4.17.23?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lodash/4.17.21/4.17.23?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2025-13465](https://redirect.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg)

### Impact

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior.

### Patches

This issue is patched on 4.17.23.

---

### Release Notes

<details>
<summary>lodash/lodash (lodash)</summary>

### [`v4.17.23`](https://redirect.github.com/lodash/lodash/compare/0082be44648961341600e879042f74cd29d65d05...4.17.23)

[Compare Source](https://redirect.github.com/lodash/lodash/compare/4.17.21...4.17.23)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 0deed28 commit 844f0c5

9 files changed: +22 -22 lines changed

config/eslint-config/package.json

Lines changed: 1 addition & 1 deletion
@@ -40,7 +40,7 @@
4040
},
4141
"devDependencies": {
4242
"@types/lodash": "4.17.23",
43-
"lodash": "4.17.21",
43+
"lodash": "4.17.23",
4444
"storybook": "9.1.17",
4545
"tailwindcss": "4.1.18",
4646
"typescript": "5.9.3"

package.json

Lines changed: 1 addition & 1 deletion
@@ -56,7 +56,7 @@
5656
"dotenv": "17.2.3",
5757
"is-ci": "4.1.0",
5858
"lint-staged": "16.2.7",
59-
"lodash": "4.17.21",
59+
"lodash": "4.17.23",
6060
"semantic-release": "25.0.2",
6161
"syncpack": "14.0.0-alpha.34",
6262
"tsdown": "0.15.12",
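
Review bot: line 59 repeats the exact pin `"lodash": "4.17.23"` that this commit also edits in seven other package.json files, so a security bump depends on every copy being updated in step. With syncpack already listed at line 61, consider keeping the version in one place (a syncpack version group or a shared workspace catalog entry) so the next advisory is a one-line change and no manifest can be left on the old release.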

packages/conventional-gitmoji/package.json

Lines changed: 1 addition & 1 deletion
@@ -41,7 +41,7 @@
4141
"devDependencies": {
4242
"@types/lodash": "4.17.23",
4343
"gitmojis": "3.15.0",
44-
"lodash": "4.17.21"
44+
"lodash": "4.17.23"
4545
},
4646
"publishConfig": {
4747
"registry": "https://registry.npmjs.org/"

packages/design-system/package.json

Lines changed: 1 addition & 1 deletion
@@ -109,7 +109,7 @@
109109
"@types/lodash": "4.17.23",
110110
"cmdk": "1.1.1",
111111
"framer-motion": "12.25.0",
112-
"lodash": "4.17.21",
112+
"lodash": "4.17.23",
113113
"next": "15.5.9",
114114
"react": "19.0.0-rc-66855b96-20241106",
115115
"react-dom": "19.0.0-rc-66855b96-20241106",
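
Review bot: the section header falls outside this hunk, so it is not visible whether line 112 sits in devDependencies as the `deps-dev` scope in the commit title says; its neighbours here are `next`, `react` and `framer-motion`. Please confirm the section, and if design-system ships lodash in its built output, make sure a release follows this bump so consumers do not stay on 4.17.21. It is also worth searching this package for `_.unset` and `_.omit` calls, the two functions named in the advisory, to see whether any take caller-supplied paths.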

packages/notion/package.json

Lines changed: 1 addition & 1 deletion
@@ -46,7 +46,7 @@
4646
"devDependencies": {
4747
"@jeromefitz/utils": "workspace:*",
4848
"@types/lodash": "4.17.23",
49-
"lodash": "4.17.21"
49+
"lodash": "4.17.23"
5050
},
5151
"publishConfig": {
5252
"registry": "https://registry.npmjs.org/"

packages/release-notes-generator/package.json

Lines changed: 1 addition & 1 deletion
@@ -43,7 +43,7 @@
4343
},
4444
"devDependencies": {
4545
"@types/lodash": "4.17.23",
46-
"lodash": "4.17.21"
46+
"lodash": "4.17.23"
4747
},
4848
"publishConfig": {
4949
"registry": "https://registry.npmjs.org/"

packages/spotify/package.json

Lines changed: 1 addition & 1 deletion
@@ -43,7 +43,7 @@
4343
"devDependencies": {
4444
"@jeromefitz/utils": "workspace:*",
4545
"@types/lodash": "4.17.23",
46-
"lodash": "4.17.21",
46+
"lodash": "4.17.23",
4747
"sharp": "0.32.6"
4848
},
4949
"publishConfig": {

packages/utils/package.json

Lines changed: 1 addition & 1 deletion
@@ -38,7 +38,7 @@
3838
},
3939
"devDependencies": {
4040
"@types/lodash": "4.17.23",
41-
"lodash": "4.17.21"
41+
"lodash": "4.17.23"
4242
},
4343
"publishConfig": {
4444
"registry": "https://registry.npmjs.org/"

pnpm-lock.yaml

Lines changed: 14 additions & 14 deletions
Some generated files are not rendered by default.
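
Review bot: the 14 changed lines of pnpm-lock.yaml are not rendered, so nothing on this page confirms that every resolved lodash entry moved to 4.17.23; a transitive dependency could still resolve an older copy that the eight manifest edits do not touch. Running `pnpm why -r lodash` on the merged tree and checking that no version below 4.17.23 is listed would close that gap.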
