From 82ed8972b080354f883a102c71dae4a5dd961713 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 30 Apr 2026 07:13:37 +0000 Subject: [PATCH 1/2] Initial plan From e5aec1bd53a01cbebfeea596925c0526339f47a0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 30 Apr 2026 07:15:41 +0000 Subject: [PATCH 2/2] fix: bump lodash to ^4.18.1 to resolve CVE-2026-4800 Co-authored-by: GitHub Copilot --- package.json | 1 + yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 98acfe4..a0e05dc 100644 --- a/package.json +++ b/package.json @@ -93,6 +93,7 @@ }, "resolutions": { "cross-spawn": "^7.0.6", + "lodash": "^4.18.1", "minimatch": "^5.1.8", "wrap-ansi": "^7.0.0", "semver": "^7.3.2" diff --git a/yarn.lock b/yarn.lock index 05ef8df..ec0a56a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4439,10 +4439,10 @@ lodash.upperfirst@^4.3.1: resolved "https://registry.yarnpkg.com/lodash.upperfirst/-/lodash.upperfirst-4.3.1.tgz#1365edf431480481ef0d1c68957a5ed99d49f7ce" integrity sha512-sReKOYJIJf74dhJONhU4e0/shzi1trVbSWDOhKYE5XV2O+H7Sb2Dihwuc7xWxVl+DgFPyTqIN3zMfT9cq5iWDg== -lodash@^4.17.15, lodash@^4.17.21, lodash@~4.17.21: - version "4.17.21" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" - integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== +lodash@^4.17.15, lodash@^4.17.21, lodash@^4.18.1, lodash@~4.17.21: + version "4.18.1" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.18.1.tgz#ff2b66c1f6326d59513de2407bf881439812771c" + integrity sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q== loglevel@^1.8.1: version "1.9.2"