Skip to content

Bump lodash-es from 4.17.15 to 4.17.21 #603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from

Bump lodash-es from 4.17.15 to 4.17.21

98c42db
Select commit
Loading
Failed to load commit list.
Open

Bump lodash-es from 4.17.15 to 4.17.21 #603

Bump lodash-es from 4.17.15 to 4.17.21
98c42db
Select commit
Loading
Failed to load commit list.
Orca Security (US) / Orca Security - Vulnerabilities failed Sep 30, 2025 in 7s

Orca Security Scan Summary

Status Check Issues by priority
Failed Failed Vulnerabilities high 1   medium 0   low 0   info 0 View in Orca
☢️ The following Vulnerabilities (CVEs) have been detected
PACKAGE FILE CVE ID INSTALLED VERSION FIXED VERSION
critical y18n ./yarn.lock CVE-2020-7774 3.2.1 3.2.2, 4.0.1, 5.0.5 View in code

Annotations

Check failure on line 16079 in yarn.lock

See this annotation in the file changed.

@orca-security-us orca-security-us / Orca Security - Vulnerabilities

[CRITICAL] y18n (CVE-2020-7774) 

nodejs-y18n - prototype pollution vulnerability
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 3.2.1
Fixed version: 3.2.2, 4.0.1, 5.0.5
View more details on Orca Security (US)