Skip to content

fix(deps): vuln lodash (minor → 4.18.1) [azure]#1121

Merged
dd-prapprover[bot] merged 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/azure/0-1778221926
May 8, 2026
Merged

fix(deps): vuln lodash (minor → 4.18.1) [azure]#1121
dd-prapprover[bot] merged 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/azure/0-1778221926

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown
Contributor

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented May 8, 2026

Summary: High-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • azure (npm)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
lodash 4.17.23 4.18.1 minor Direct 1 HIGH, 1 MODERATE

Security Details

🚨 Critical & High Severity (1 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
lodash GHSA-r5fr-rjxr-66jc HIGH lodash vulnerable to Code Injection via _.template imports key names 4.17.23 4.18.0
ℹ️ Other Vulnerabilities (1)
Package CVE Severity Summary Unsafe Version Fixed In
lodash GHSA-f23m-r3pf-42rh MODERATE lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit 4.17.23 4.18.0

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review May 8, 2026 12:51
@campaigner-prod campaigner-prod Bot requested a review from a team as a code owner May 8, 2026 12:51
@campaigner-prod campaigner-prod Bot requested a review from kendlelam680 May 8, 2026 12:51
@dd-prapprover
Copy link
Copy Markdown

dd-prapprover Bot commented May 8, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-05-08T12:52:38Z
  • ✅ CI tests passed - 2026-05-08T12:52:42Z
  • ✅ Approved (commit: cf06d6f) - 2026-05-08T12:52:44Z
  • ✅ Merge Started
  • ✅ Merged - 2026-05-08T12:52:52Z

➡️ Current phase: PR merged successfully! ✅

dd-prapprover[bot]
dd-prapprover Bot approved these changes May 8, 2026
View reviewed changes
Copy link
Copy Markdown

@dd-prapprover dd-prapprover Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@dd-prapprover dd-prapprover Bot merged commit e7a9a72 into master May 8, 2026
10 checks passed
@dd-prapprover dd-prapprover Bot deleted the engraver-auto-version-upgrade/minorpatch/npm/azure/0-1778221926 branch May 8, 2026 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

@kendlelam680 kendlelam680 Awaiting requested review from kendlelam680 kendlelam680 is a code owner automatically assigned from DataDog/azure-integrations

Assignees

No one assigned

Labels

adms-dependency-update adms-high-severity adms-medium-severity adms-minor-update adms-mode-all-vulns adms-npm azure azure-integrations campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants