Skip to content

fix(deps): vuln lodash (minor → 4.18.1) [azure]#1101

Closed
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/azure/0-1775513262
Closed

fix(deps): vuln lodash (minor → 4.18.1) [azure]#1101
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/azure/0-1775513262

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown
Contributor

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Apr 6, 2026

Summary: High-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • azure (npm)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Vulnerabilities Fixed
lodash 4.17.23 4.18.1 minor 1 HIGH, 1 MODERATE

Security Details

🚨 Critical & High Severity (1 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
lodash GHSA-r5fr-rjxr-66jc HIGH lodash vulnerable to Code Injection via _.template imports key names 4.17.23 4.18.0
ℹ️ Other Vulnerabilities (1)
Package CVE Severity Summary Unsafe Version Fixed In
lodash GHSA-f23m-r3pf-42rh MODERATE lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit 4.17.23 4.18.0

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review April 7, 2026 14:08
@campaigner-prod campaigner-prod Bot requested a review from a team as a code owner April 7, 2026 14:08
@campaigner-prod campaigner-prod Bot requested a review from mattsp1290 April 7, 2026 14:08
@dd-prapprover
Copy link
Copy Markdown

dd-prapprover Bot commented Apr 7, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-04-07T14:08:37Z
  • ✅ CI tests passed - 2026-04-07T14:08:41Z
  • ✅ Approved (commit: 2de7f87) - 2026-04-07T14:08:44Z
  • ✅ Merge Started
  • ⬜ Merged

➡️ Current phase: merge in progress...

dd-prapprover[bot]
dd-prapprover Bot approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@dd-prapprover dd-prapprover Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot deleted the engraver-auto-version-upgrade/minorpatch/npm/azure/0-1775513262 branch April 26, 2026 15:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

@mattsp1290 mattsp1290 Awaiting requested review from mattsp1290 mattsp1290 is a code owner automatically assigned from DataDog/azure-integrations

Assignees

No one assigned

Labels

adms-dependency-update adms-high-severity adms-medium-severity adms-minor-update adms-mode-all-updates adms-npm azure azure-integrations campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants