[Snyk] Security upgrade lodash from 4.17.21 to 4.17.23#499
[Snyk] Security upgrade lodash from 4.17.21 to 4.17.23#499graymalkin77 wants to merge 1 commit intomasterfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-15053838
There was a problem hiding this comment.
Pull request overview
This PR upgrades the lodash dependency from version 4.17.21 to 4.17.23 to address a medium severity Prototype Pollution vulnerability (SNYK-JS-LODASH-15053838).
Changes:
- Updated lodash version in package.json to fix security vulnerability
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
|
This is a patch upgrade that resolves a security vulnerability. Version 4.17.23 patches a prototype pollution vulnerability present in earlier versions, including 4.17.21. [1] No breaking changes are documented.
|
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-LODASH-15053838
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution