From 226d47b71345ebf680fc797ebcb33e48b5e3a76e Mon Sep 17 00:00:00 2001 From: Andriy Lysyuk Date: Tue, 14 Apr 2026 17:42:28 +0200 Subject: [PATCH] =?UTF-8?q?fix(security):=20bump=20lodash=204.17.23=20?= =?UTF-8?q?=E2=86=92=204.18.1=20in=20examples/js=20(ENG-14277)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds overrides entry to block GHSA-r5fr-rjxr-66jc (CVE-2026-4800, CVSS HIGH): lodash _.template code injection via options.imports key names, fixed in 4.18.0. Co-Authored-By: Claude Sonnet 4.6 --- examples/js/package-lock.json | 6 +++--- examples/js/package.json | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/js/package-lock.json b/examples/js/package-lock.json index 9b31203d..a3942f1e 100644 --- a/examples/js/package-lock.json +++ b/examples/js/package-lock.json @@ -1899,9 +1899,9 @@ } }, "node_modules/lodash": { - "version": "4.17.23", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", - "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", + "version": "4.18.1", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz", + "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==", "dev": true, "license": "MIT" }, diff --git a/examples/js/package.json b/examples/js/package.json index c93b37c1..18fcb2f8 100644 --- a/examples/js/package.json +++ b/examples/js/package.json @@ -26,6 +26,7 @@ "overrides": { "axios": "^1.15.0", "flatted": "^3.4.2", + "lodash": "^4.18.0", "minimatch": "^3.1.3" } }