Skip to content

Commit 226d47b

Browse files
andriy-sudoclaude
andriy-sudo
and
claude
committed
fix(security): bump lodash 4.17.23 → 4.18.1 in examples/js (ENG-14277)
Adds overrides entry to block GHSA-r5fr-rjxr-66jc (CVE-2026-4800, CVSS HIGH): lodash _.template code injection via options.imports key names, fixed in 4.18.0. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 015a918 commit 226d47b

2 files changed

Lines changed: 4 additions & 3 deletions

File tree

examples/js/package-lock.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/js/package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
"overrides": {
2727
"axios": "^1.15.0",
2828
"flatted": "^3.4.2",
29+
"lodash": "^4.18.0",
2930
"minimatch": "^3.1.3"
3031
}
3132
}

0 commit comments

Comments
 (0)