Skip to content

fix: bump lodash version to avoid CVEs #777

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Andris28 merged 1 commit into from
Jan 23, 2026
Merged

fix: bump lodash version to avoid CVEs #777

Andris28 merged 1 commit into from
Jan 23, 2026
+41 −26

Conversation

@Andris28
Copy link
Contributor

@Andris28 Andris28 commented Jan 23, 2026
edited
Loading

Bump lodash version from 4.17.21 to 4.17.23 to avoid CVEs.
ref: vulnerability

@Andris28
fix: bump lodash version to avoid CVEs
940e1d2 
Signed-off-by: András Felleg <73272730+Andris28@users.noreply.github.com>
@Andris28 Andris28 requested review from diatrcz and pyrooka January 23, 2026 12:08
@Andris28 Andris28 self-assigned this Jan 23, 2026
@CLAassistant
Copy link

CLAassistant commented Jan 23, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

pyrooka
pyrooka approved these changes Jan 23, 2026
View reviewed changes
Copy link
Member

@pyrooka pyrooka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks for the quick fix!

@Andris28 Andris28 merged commit 54368a0 into main Jan 23, 2026
7 checks passed
@Andris28 Andris28 deleted the fa/issue-4316 branch January 23, 2026 17:30
ibm-devx-sdk pushed a commit that referenced this pull request Jan 23, 2026
@semantic-release-bot
chore(release): 1.33.6 [skip ci]
77f398f 
## @ibm-cloud/openapi-ruleset [1.33.6](https://github.com/IBM/openapi-validator/compare/@ibm-cloud/openapi-ruleset@1.33.5...@ibm-cloud/openapi-ruleset@1.33.6) (2026-01-23)

### Bug Fixes

* bump lodash version to avoid CVEs ([#777](#777)) ([54368a0](54368a0))
@ibm-devx-sdk
Copy link

ibm-devx-sdk commented Jan 23, 2026

🎉 This PR is included in version 1.33.6 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

ibm-devx-sdk pushed a commit that referenced this pull request Jan 23, 2026
@semantic-release-bot
chore(release): 1.37.9 [skip ci]
715b4a6 
## ibm-openapi-validator [1.37.9](https://github.com/IBM/openapi-validator/compare/ibm-openapi-validator@1.37.8...ibm-openapi-validator@1.37.9) (2026-01-23)

### Bug Fixes

* bump lodash version to avoid CVEs ([#777](#777)) ([54368a0](54368a0))

### Dependencies

* **@ibm-cloud/openapi-ruleset:** upgraded to 1.33.6
@ibm-devx-sdk
Copy link

ibm-devx-sdk commented Jan 23, 2026

🎉 This PR is included in version 1.37.9 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pyrooka pyrooka pyrooka approved these changes

@diatrcz diatrcz Awaiting requested review from diatrcz

Assignees

@Andris28 Andris28

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Andris28 @CLAassistant @ibm-devx-sdk @pyrooka