
Commit cc2829a

Copilot and jencarlucci authored and committed
Bump lodash to >= 4.18.0 via npm override
Add npm override for lodash to resolve CVE-2026-4800 (Code Injection via _.template imports key names).

Closes github/vuln-mgmt#192979

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent f36e195 commit cc2829a

2 files changed

Lines changed: 15 additions & 9 deletions


package-lock.json

Lines changed: 9 additions & 8 deletions

package.json

Lines changed: 6 additions & 1 deletion
@@ -10,10 +10,15 @@
1010
"lint": "eslint descriptions/**/*.json --ext .json"
1111
},
1212
"eslintConfig": {
13-
"extends": ["plugin:json/recommended"]
13+
"extends": [
14+
"plugin:json/recommended"
15+
]
1416
},
1517
"devDependencies": {
1618
"eslint": "^8.13.0",
1719
"eslint-plugin-json": "^3.1.0"
20+
},
21+
"overrides": {
22+
"lodash": ">=4.18.0"
1823
}
1924
}
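
Review bot: the `"lodash": ">=4.18.0"` range under `"overrides"` has no upper bound, so a regenerated lock file could resolve lodash to a future major release that the packages depending on it were never tested against. Since the goal is only to enforce the 4.18.0 floor named in the commit message for CVE-2026-4800, `"lodash": "^4.18.0"` would give the same floor while staying on the 4.x line. lodash does not appear in the `devDependencies` shown here, so the override targets a transitive dependency; naming the package that pulls it in would make it clear when the override can be removed. The rewrap of `"extends"` in `eslintConfig` is a formatting-only change unrelated to the lodash bump and would be easier to review in its own commit.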
