
[SG-36530] NPM dependency upgrades: Prototype Pollution in lodash

Merged Warren Gifford requested to merge contractors/SG-36530 into main

Created by: gitstart-sourcegraph

Description

Dependabot alert here

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Checked dependencies: @percy/cli -> @percy/cli-* -> @percy/cli-command -> @oclif/plugin-help -> lodash.template@^4.5.0

Changes: Upgrade @percy/cli version

Refs

Sourcegraph Issue
GitStart Issue

Test plan

Make sure all CI checks pass

App preview:

Check out the client app preview documentation to learn more.
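The advisory above describes how a `{constructor: {prototype: {...}}}` key path lets a deep-defaults routine reach `Object.prototype`. The following is an added example, not code from this MR, lodash or @percy/cli: a deep-defaults function that refuses the keys that walk toward the prototype chain, and a check a test suite can run to confirm the global prototype is still clean. The `demo` function and its constructed JSON input are assumptions made for illustration.

```javascript
// Keys that would let a merge climb from an ordinary object to Object.prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Only recurse into plain objects; arrays, Dates and class instances are copied as values.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Fill missing keys of `target` from `source`, recursively (defaultsDeep semantics),
// while skipping forbidden keys and only ever touching own properties of `target`.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // never follow constructor/prototype/__proto__
    const srcVal = source[key];
    const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(srcVal)) {
      // Start a fresh own container rather than reusing an inherited object.
      if (!hasOwn || !isPlainObject(target[key])) target[key] = {};
      safeDefaultsDeep(target[key], srcVal);
    } else if (!hasOwn || target[key] === undefined) {
      target[key] = srcVal;
    }
  }
  return target;
}

// Post-condition check for a test suite: Object.prototype's own properties are all
// non-enumerable by default, so any enumerable own key means something polluted it.
function prototypeIsClean() {
  return Object.keys(Object.prototype).length === 0;
}

// Constructed input in the shape named by the advisory; JSON.parse yields own keys
// "constructor" and "__proto__" (an object literal would not), which is the realistic path.
function demo() {
  const untrusted = JSON.parse(
    '{"constructor":{"prototype":{"polluted":"yes"}},"__proto__":{"polluted":"yes"},"retries":3}'
  );
  const config = safeDefaultsDeep({ retries: 1, nested: { a: 1 } }, untrusted);
  return { config, clean: prototypeIsClean(), leaked: ({}).polluted };
}
```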

Merge request reports

Merged (May 6, 2025 2:25pm UTC)
