chore(deps): update dependency lodash to v4.17.23 [security] (#2236)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [lodash](https://lodash.com/) ([source](https://redirect.github.com/lodash/lodash)) | [`4.17.21` → `4.17.23`](https://renovatebot.com/diffs/npm/lodash/4.17.21/4.17.23) | ![age](https://developer.mend.io/api/mc/badges/age/npm/lodash/4.17.23?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/lodash/4.17.21/4.17.23?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2025-13465](https://redirect.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg)

### Impact

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype
pollution in the `_.unset` and `_.omit` functions. An attacker can pass
crafted paths which cause Lodash to delete methods from global
prototypes.

The issue permits deletion of properties but does not allow overwriting
their original behavior.

### Patches

This issue is patched on 4.17.23.

---

### Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
[CVE-2025-13465](https://nvd.nist.gov/vuln/detail/CVE-2025-13465) / [GHSA-xxjr-mmjv-4gpg](https://redirect.github.com/advisories/GHSA-xxjr-mmjv-4gpg)

<details>
<summary>More information</summary>


#### Severity
- CVSS Score: 6.9 / 10 (Medium)
- Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P`

#### References
- [https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg](https://redirect.github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg)
- [https://nvd.nist.gov/vuln/detail/CVE-2025-13465](https://nvd.nist.gov/vuln/detail/CVE-2025-13465)
- [edadd45214)
- [https://github.com/lodash/lodash](https://redirect.github.com/lodash/lodash)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-xxjr-mmjv-4gpg) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>lodash/lodash (lodash)</summary>

### [`v4.17.23`](https://redirect.github.com/lodash/lodash/compare/4.17.21...4.17.23)

[Compare Source](https://redirect.github.com/lodash/lodash/compare/4.17.21...4.17.23)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


## Need help?
You can ask for more help in the following Slack channel:
#proj-renovate-self-hosted. In that channel you can also find ADR and
FAQ docs in the Resources section.


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Co-authored-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
renovate-sh-app[bot]
2026-01-22 10:51:48 +00:00
committed by GitHub
parent ff4ddc6ead
commit e388bd7d08
2 changed files with 10 additions and 3 deletions


@@ -7621,7 +7621,7 @@ __metadata:
imports-loader: "npm:5.0.0"
jest: "npm:30.2.0"
jest-environment-jsdom: "npm:30.2.0"
lodash: "npm:4.17.21"
lodash: "npm:4.17.23"
mini-css-extract-plugin: "npm:2.10.0"
moment: "npm:2.30.1"
postcss: "npm:8.5.6"
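Review bot: the exact pin `lodash: "npm:4.17.23"` in this dependency list needs a matching manifest entry, and the page reports "2 changed files" while showing only this lockfile diff. Confirm that the workspace's package.json carries the same exact `4.17.23`, otherwise an install with an immutable lockfile will reject the mismatch. Because the pin is exact rather than a range, every later lodash fix will again depend on a bot PR like this one, which is worth keeping in mind given that automerge is enabled for it.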
@@ -9299,13 +9299,20 @@ __metadata:
languageName: node
linkType: hard
"lodash@npm:4.17.21, lodash@npm:^4.1.1, lodash@npm:^4.17.15, lodash@npm:^4.17.21, lodash@npm:^4.17.4":
"lodash@npm:4.17.21":
version: 4.17.21
resolution: "lodash@npm:4.17.21"
checksum: 10c0/d8cbea072bb08655bb4c989da418994b073a608dffa608b09ac04b43a791b12aeae7cd7ad919aa4c925f33b48490b5cfe6c1f71d827956071dae2e7bb3a6b74c
languageName: node
linkType: hard
"lodash@npm:4.17.23, lodash@npm:^4.1.1, lodash@npm:^4.17.15, lodash@npm:^4.17.21, lodash@npm:^4.17.4":
version: 4.17.23
resolution: "lodash@npm:4.17.23"
checksum: 10c0/1264a90469f5bb95d4739c43eb6277d15b6d9e186df4ac68c3620443160fc669e2f14c11e7d8b2ccf078b81d06147c01a8ccced9aab9f9f63d50dcf8cace6bf6
languageName: node
linkType: hard
"long@npm:^5.0.0":
version: 5.3.2
resolution: "long@npm:5.3.2"
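Review bot: the lockfile still resolves lodash 4.17.21 after this change. The `"lodash@npm:4.17.21":` key appears to be kept as its own entry with `version: 4.17.21` and its checksum, while only the range descriptors (`^4.1.1`, `^4.17.15`, `^4.17.21`, `^4.17.4`) move to the new `4.17.23` entry. That means some package in the tree still requests exactly `4.17.21`, which falls inside the 4.0.0 through 4.17.22 range the commit message lists as affected, so the vulnerable copy can remain installed next to the patched one. Before merging, identify the requester (for example with `yarn why lodash`) and either bump that pin or force it to `4.17.23` with a resolution, so that the `4.17.21` entry disappears from the lockfile entirely.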