Commit d865635
authored
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
chore(dev-deps): update dependency lodash to v4.17.23 [security] (#613)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Adoption](https://docs.renovatebot.com/merge-confidence/) |
[Passing](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|---|---|
| [lodash](https://lodash.com/)
([source](https://redirect.github.com/lodash/lodash)) | [`4.17.21` →
`4.17.23`](https://renovatebot.com/diffs/npm/lodash/4.17.21/4.17.23) |
|
|
|
|
### GitHub Vulnerability Alerts
####
[CVE-2025-13465](https://redirect.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg)
### Impact
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype
pollution in the `_.unset` and `_.omit` functions. An attacker can pass
crafted paths which cause Lodash to delete methods from global
prototypes.
The issue permits deletion of properties but does not allow overwriting
their original behavior.
### Patches
This issue is patched on 4.17.23.
---
### Release Notes
<details>
<summary>lodash/lodash (lodash)</summary>
###
[`v4.17.23`](https://redirect.github.com/lodash/lodash/compare/0082be44648961341600e879042f74cd29d65d05...4.17.23)
[Compare
Source](https://redirect.github.com/lodash/lodash/compare/4.17.21...4.17.23)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/RebeccaStevens/deepmerge-ts).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44NS4xIiwidXBkYXRlZEluVmVyIjoiNDIuODUuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiOmJsdWVfaGVhcnQ6IiwiVHlwZTogTWFpbnRlbmFuY2UiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent a380ece commit d865635
3 files changed
+16
-11
lines changedSome generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
127 | 127 | | |
128 | 128 | | |
129 | 129 | | |
130 | | - | |
| 130 | + | |
131 | 131 | | |
132 | 132 | | |
133 | 133 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments