CVE-2026-4800 lodash: Arbitrary code execution via untrusted input in template imports #224
keithchong wants to merge 2 commits into
chore(deps): update dependency lodash-es to v4.18.1
1e5a8a1 to 895a50a
Important: Review skipped
Review was skipped due to path filters.
⛔ Files ignored due to path filters (1)
Estimated code review effort: 1 (Trivial) | ~2 minutes
🚥 Pre-merge checks: ✅ Passed checks (5 passed)
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #224 +/- ##
==========================================
- Coverage 11.92% 11.84% -0.09%
==========================================
Files 154 154
Lines 6272 6326 +54
Branches 2028 2162 +134
==========================================
+ Hits 748 749 +1
+ Misses 5524 5355 -169
- Partials 0 222 +222
@aali309, updating version for now. I will be bumping up the dynamic plugin SDK, and removing the dependency on the old dagre package (which pulls in lodash) and will use @dagrejs/dagre instead.