Merge pull request #169 from Staffbase/copilot/investigate-dependabot-alerts-lodash

maximizeIT · web-flow · commit 0807f6063fd0 · 2026-04-08T11:50:28.000+02:00
fix: bump lodash resolution to 4.18.1 to address CVEs #70 #71
diff --git a/package.json b/package.json
@@ -20,7 +20,7 @@
     "boolean-negation": true
   },
   "resolutions": {
-    "lodash": "4.17.23",
+    "lodash": "4.18.1",
     "minimatch": "3.1.5",
     "glob/minimatch": "9.0.9",
     "@typescript-eslint/typescript-estree/minimatch": "10.2.4",
diff --git a/yarn.lock b/yarn.lock
@@ -3107,10 +3107,10 @@ lodash.merge@^4.6.2:
   resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
   integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
 
-lodash@4.17.23, lodash@^4.17.14:
-  version "4.17.23"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.23.tgz#f113b0378386103be4f6893388c73d0bde7f2c5a"
-  integrity sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==
+lodash@4.18.1, lodash@^4.17.14:
+  version "4.18.1"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.18.1.tgz#ff2b66c1f6326d59513de2407bf881439812771c"
+  integrity sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==
 
 loose-envify@^1.4.0:
   version "1.4.0"
