chore(deps): update dependency lodash to v4.17.23 [security] - autoclosed#302
chore(deps): update dependency lodash to v4.17.23 [security] - autoclosed#302renovate[bot] wants to merge 1 commit intomainfrom
Conversation
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including You can disable this status message by setting the Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #302 +/- ##
===========================
===========================
🚀 New features to boost your workflow:
|
|
Closing in favor of #301 |
renovate
bot
changed the title
1 participant
This PR contains the following updates:
4.17.21→4.17.23GitHub Vulnerability Alerts
CVE-2025-13465
Impact
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the
_.unsetand_.omitfunctions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.The issue permits deletion of properties but does not allow overwriting their original behavior.
Patches
This issue is patched on 4.17.23.
Release Notes
lodash/lodash (lodash)
v4.17.23Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.