Commit 759fe8d

lucygramley and Copilot committed
Fix CVE-2026-4800: Update lodash to 4.18.x
Updates lodash from 4.17.23 to 4.18.1 across all projects to fix CVE-2026-4800 (Code Injection via _.template imports key names).

Updated lockfiles:
- Nodejs/Tests/MockProjects/reactappwithjestteststypescript
- Nodejs/Tests/MockProjects/NodeAppWithAngularTests
- Nodejs/Tests/MockProjects/reactappwithjesttestsjavascript
- Root package-lock.json

S360 KPI: [SFI-ES5.2] 1ES Open Source Vulnerabilities

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent aa8c6a1 commit 759fe8d

8 files changed

Lines changed: 68 additions & 14 deletions

Nodejs/Tests/MockProjects/NodeAppWithAngularTests/package-lock.json

Lines changed: 4 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Nodejs/Tests/MockProjects/NodeAppWithAngularTests/package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@
1919
"@angular/platform-browser": "^21.0.7",
2020
"@angular/platform-browser-dynamic": "^21.0.7",
2121
"@angular/router": "^21.0.7",
22+
"lodash": "^4.18.1",
2223
"rxjs": "~7.8.1",
2324
"tslib": "^2.6.3",
2425
"zone.js": "~0.14.10"
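Review bot: the commit message describes an update from 4.17.23 to 4.18.1, but new line 22 adds `"lodash": "^4.18.1"` with no removed line, so lodash was not declared in this list before and is presumably pulled in transitively. Declaring it directly only changes the resolved version if the packages that depend on lodash accept 4.18.x in their ranges. Please confirm with `npm ls lodash` that no nested 4.17.x copy remains in this project, or use an `overrides` entry so the floor applies to every copy.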

Nodejs/Tests/MockProjects/reactappwithjesttestsjavascript/package-lock.json

Lines changed: 48 additions & 3 deletions

Nodejs/Tests/MockProjects/reactappwithjesttestsjavascript/package.json

Lines changed: 1 addition & 0 deletions
@@ -7,6 +7,7 @@
77
"@testing-library/react": "^16.0.0",
88
"@testing-library/user-event": "^14.5.2",
99
"jest-editor-support": "^31.1.2",
10+
"lodash": "^4.18.1",
1011
"react": "^18.3.1",
1112
"react-dom": "^18.3.1",
1213
"web-vitals": "^4.2.3"
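Review bot: the `"lodash": "^4.18.1"` line added at new line 10 is a one-line change, yet this project's package-lock.json is listed with 48 additions and 3 deletions, against 4 additions each for the other two mock projects. The lockfile diff is not rendered here, so please check that the extra entries are limited to lodash and were not produced by regenerating the lockfile with a different npm version or by unrelated dependency drift.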

Nodejs/Tests/MockProjects/reactappwithjestteststypescript/package-lock.json

Lines changed: 4 additions & 3 deletions

Nodejs/Tests/MockProjects/reactappwithjestteststypescript/package.json

Lines changed: 1 addition & 0 deletions
@@ -11,6 +11,7 @@
1111
"@types/react": "^17.0.30",
1212
"@types/react-dom": "^17.0.9",
1313
"jest-editor-support": "^30.0.2",
14+
"lodash": "^4.18.1",
1415
"react": "^17.0.2",
1516
"react-dom": "^17.0.2",
1617
"typescript": "^4.4.4",
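Review bot: nothing next to the `"lodash": "^4.18.1"` entry at new line 14 records that it exists for CVE-2026-4800, and package.json cannot carry a comment. An unused-dependency cleanup could remove it later with nothing to signal that it was a security floor. Suggest noting the reason in the mock project's README or moving the pin to `overrides`, where its purpose is clearer.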

package-lock.json

Lines changed: 6 additions & 4 deletions

package.json

Lines changed: 3 additions & 0 deletions
@@ -16,5 +16,8 @@
1616
"eslint-plugin-vue": "^6.0.1",
1717
"react": "^16.12.0",
1818
"typescript": "3.6.4"
19+
},
20+
"dependencies": {
21+
"lodash": "^4.18.1"
1922
}
2023
}
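Review bot: new lines 19-21 open a separate `dependencies` block whose only entry is lodash, after a block holding eslint-plugin-vue, react and typescript. If nothing in the root package imports lodash and the entry exists to force the resolved version in package-lock.json, an `overrides` entry states that intent without declaring lodash a runtime dependency of the root package. Also confirm the file has no other `dependencies` key above line 16, since JSON parsers typically keep only the last of two duplicate keys without warning.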
