Skip to content

Bump lodash-es to 4.17.21 #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Copilot wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Bump lodash-es to 4.17.21 #184

Copilot wants to merge 3 commits into from

Conversation

Copy link

Copilot AI commented Feb 4, 2026
edited
Loading

Updates lodash-es from 4.17.15 to 4.17.21+ to address Command Injection and Prototype Pollution vulnerabilities in versions below 4.17.21.

Changes

  • Updated package.json dependency constraint: ^4.17.15^4.17.21
  • Package lock resolved to 4.17.23 (no known vulnerabilities)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@JoyceZhu
Bump lodash-es from ^4.17.15 to ^4.17.21
457ff4c 
Co-authored-by: JoyceZhu <6251669+JoyceZhu@users.noreply.github.com>
Copilot AI changed the title [WIP] Bump lodash-es version to 4.17.21 or above Bump lodash-es to 4.17.21 Feb 4, 2026
Copilot AI requested a review from JoyceZhu February 4, 2026 07:27
@JoyceZhu JoyceZhu marked this pull request as ready for review February 4, 2026 07:43
@JoyceZhu JoyceZhu requested a review from a team as a code owner February 4, 2026 07:43
Copilot AI review requested due to automatic review settings February 4, 2026 07:43
@JoyceZhu
Copy link
Contributor

JoyceZhu commented Feb 4, 2026

Fix for https://github.com/github/vuln-mgmt/issues/182492

Copilot AI reviewed Feb 4, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates lodash-es to a non-vulnerable version range to address known security issues in versions prior to 4.17.21.

Changes:

  • Bumped lodash-es dependency constraint from ^4.17.15 to ^4.17.21 in package.json.
  • Updated package-lock.json to match, resolving lodash-es to 4.17.23.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Updates the lodash-es dependency range to ^4.17.21.
package-lock.json Updates the lockfile dependency entry and resolves lodash-es to 4.17.23.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@JoyceZhu
Update lodash-es version to 4.17.23
f7f0e28 
Updated lodash-es dependency version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lindseywild lindseywild lindseywild approved these changes

@JoyceZhu JoyceZhu Awaiting requested review from JoyceZhu

Assignees

@JoyceZhu JoyceZhu

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JoyceZhu @lindseywild