chore(deps): update dependency lodash to v4.17.23 [security]#1673
chore(deps): update dependency lodash to v4.17.23 [security]#1673renovate[bot] wants to merge 1 commit into
Conversation
|
Hi @renovate[bot]! 👋 |
29dc0c8 to
b6965b1
Compare
b6965b1 to
b552a02
Compare
bf32ff9 to
a32e214
Compare
a32e214 to
9ed5db8
Compare
9ed5db8 to
62ab890
Compare
62ab890 to
7b6d78d
Compare
7b6d78d to
147c33a
Compare
Not up to standards ⛔🟢 Coverage
|
| Metric | Results |
|---|---|
| Coverage variation | ✅ +0.00% coverage variation |
| Diff coverage | ✅ ∅ diff coverage |
Coverage variation details
Coverable lines Covered lines Coverage Common ancestor commit (287ed0c) Report Missing Report Missing Report Missing Head commit (dd90aff) 3920 (+0) 3920 (+0) 100.00% (+0.00%) Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch:
<coverage of head commit> - <coverage of common ancestor commit>
Diff coverage details
Coverable lines Covered lines Diff coverage Pull request (#1673) 0 0 ∅ (not applicable) Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
<covered lines added or modified>/<coverable lines added or modified> * 100%
1 Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
147c33a to
f1e8c38
Compare
Pull request was closed
f1e8c38 to
01bebfb
Compare
01bebfb to
15b3901
Compare
|
15b3901 to
ba59f07
Compare
|
ba59f07 to
b0b6c6d
Compare
6ab4bdf to
29fd41c
Compare
29fd41c to
dd90aff
Compare
|



This PR contains the following updates:
4.17.21→4.17.23Lodash has Prototype Pollution Vulnerability in
_.unsetand_.omitfunctionsCVE-2025-13465 / GHSA-xxjr-mmjv-4gpg
More information
Details
Impact
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the
_.unsetand_.omitfunctions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.The issue permits deletion of properties but does not allow overwriting their original behavior.
Patches
This issue is patched on 4.17.23.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:PReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
lodash/lodash (lodash)
v4.17.23Compare Source
Configuration
📅 Schedule: (in timezone Asia/Shanghai)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.