Skip to content

Update dependency lodash to v4.17.23 [SECURITY]#4711

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-lodash-vulnerability
Open

Update dependency lodash to v4.17.23 [SECURITY]#4711
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-lodash-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 28, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
lodash (source) 4.17.214.17.23 age confidence

GitHub Vulnerability Alerts

CVE-2025-13465

Impact

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.

The issue permits deletion of properties but does not allow overwriting their original behavior.

Patches

This issue is patched on 4.17.23.

Release Notes

lodash/lodash (lodash)

v4.17.23

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 28, 2026

No reviewable files after applying ignore patterns.

@codecov
Copy link

codecov bot commented Jan 28, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 44.34%. Comparing base (1d5955f) to head (9ee5c53).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4711   +/-   ##
=======================================
  Coverage   44.34%   44.34%           
=======================================
  Files         812      812           
  Lines       32647    32647           
  Branches     5709     5709           
=======================================
  Hits        14476    14476           
  Misses      16177    16177           
  Partials     1994     1994
Flag Coverage Δ
api-python 92.65% <ø> (ø)
catalog 19.44% <ø> (ø)
lambda 96.63% <ø> (ø)
py-shared 98.18% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/npm-lodash-vulnerability branch 11 times, most recently from 192cb44 to 07ba9e7 Compare January 28, 2026 19:55
@renovate renovate bot force-pushed the renovate/npm-lodash-vulnerability branch 2 times, most recently from 8fbf2c8 to 8cc5f40 Compare February 10, 2026 03:06
@renovate renovate bot changed the title chore(deps): update dependency lodash to v4.17.23 [security] Update dependency lodash to v4.17.23 [SECURITY] Feb 10, 2026
@renovate renovate bot force-pushed the renovate/npm-lodash-vulnerability branch 4 times, most recently from 6f5f804 to 56603dc Compare February 12, 2026 02:51
@renovate renovate bot force-pushed the renovate/npm-lodash-vulnerability branch from 56603dc to 9ee5c53 Compare February 12, 2026 02:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

js dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants