Fix Dependabot alerts for lodash and defu #1536

Merged
priyanshu92 merged 1 commit into main from users/priyanshuag/fix-dependabot-lodash-defu
Apr 6, 2026
@priyanshu92 priyanshu92 commented Apr 6, 2026

  • Update lodash override from ^4.17.23 to ^4.18.0 to fix prototype pollution (GHSA #159) and code injection (GHSA #160)
  • Add defu override ^6.1.5 to fix prototype pollution via __proto__ key (GHSA #161)
  • Regenerate package-lock.json

- Update lodash override from ^4.17.23 to ^4.18.0 to fix
  prototype pollution (GHSA #159) and code injection (GHSA #160)
- Add defu override ^6.1.5 to fix prototype pollution via
  __proto__ key (GHSA #161)
- Regenerate package-lock.json

Co-Authored-By: Claude Opus 4.6 (1M context)(Internal only) <noreply@anthropic.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@priyanshu92 priyanshu92 requested review from a team as code owners April 6, 2026 04:11
@priyanshu92 priyanshu92 enabled auto-merge (squash) April 6, 2026 04:12
@priyanshu92 priyanshu92 merged commit dfa94bb into main Apr 6, 2026
8 checks passed
@priyanshu92 priyanshu92 deleted the users/priyanshuag/fix-dependabot-lodash-defu branch April 6, 2026 06:34
@amitjoshi438 amitjoshi438 mentioned this pull request Apr 9, 2026
2 tasks
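
A post-merge check for the change described in this pull request, as an added example that is not code from this repository: it walks the `packages` map of a regenerated `package-lock.json` and reports every installed copy of lodash or defu, including nested ones, that still resolves below the minimums named in the PR description. It assumes lockfileVersion 2 or 3; `SAMPLE_LOCK` and the package names `legacy-tool` and `config-loader` are constructed for illustration.

```javascript
// Minimum fixed versions, taken from the PR description.
const MIN_FIXED = { lodash: "4.18.0", defu: "6.1.5" };

// True when `version` sorts below `minimum` (both "x.y.z"; `version` may
// carry a pre-release or build suffix).
function isBelow(version, minimum) {
  const noBuild = version.split("+")[0];
  const dash = noBuild.indexOf("-");
  const core = (dash === -1 ? noBuild : noBuild.slice(0, dash)).split(".").map(Number);
  const min = minimum.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (core[i] !== min[i]) return core[i] < min[i];
  }
  return dash !== -1; // same core, but a pre-release sorts before the release
}

// Return every lockfile entry for a tracked package that is below its minimum.
function findStale(lock, minimums = MIN_FIXED) {
  const marker = "node_modules/";
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1 || !entry.version) continue; // root project or link entry
    // Aliased installs record the real package name in `name`.
    const name = entry.name || path.slice(idx + marker.length);
    // Own-property lookup, so names like "constructor" never match.
    if (!Object.hasOwn(minimums, name)) continue;
    if (isBelow(entry.version, minimums[name])) {
      stale.push({ path, name, version: entry.version, required: minimums[name] });
    }
  }
  return stale;
}

// Constructed sample: top-level copies are fixed, two nested copies are not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/lodash": { version: "4.18.0" },
    "node_modules/defu": { version: "6.1.5" },
    "node_modules/legacy-tool/node_modules/lodash": { version: "4.17.21" },
    "node_modules/config-loader/node_modules/defu": { version: "6.1.4" },
    "node_modules/lodash.merge": { version: "4.6.2" }, // different package, ignored
  },
};

console.log(findStale(SAMPLE_LOCK));
```

Against a real checkout, parse `package-lock.json` with `JSON.parse` and fail the CI job when `findStale` returns a non-empty array.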