Skip to content

VULN UPGRADE: patch: lodash, prettier [azure]#1066

Closed
campaigner-prod[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/npm/azure/0-1770923952
Closed

VULN UPGRADE: patch: lodash, prettier [azure]#1066
campaigner-prod[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/npm/azure/0-1770923952

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Feb 12, 2026

Summary: Security update — 2 packages upgraded (patch changes only)

Manifests changed:

  • azure (npm)

Updates

Package From To Type Vulnerabilities Fixed
lodash 4.17.21 4.17.23 patch 2 MODERATE
prettier 3.7.3 3.7.4 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (2)
Package CVE Severity Summary Unsafe Version Fixed In
lodash GHSA-xxjr-mmjv-4gpg MODERATE Lodash has Prototype Pollution Vulnerability in _.unset and _.omit functions 4.17.21 4.17.23
lodash CVE-2025-13465 MODERATE - 4.17.21 -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod bot requested a review from a team as a code owner February 12, 2026 19:19
@dd-prapprover
Copy link

dd-prapprover bot commented Feb 12, 2026
edited
Loading

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

🔗 Workflow Link

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-02-12T19:19:46Z
  • ✅ CI tests passed - 2026-02-12T19:24:35Z
  • ✅ Approved (commit: 2eecf18) - 2026-02-12T19:24:37Z
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: waiting to merge...

dd-prapprover[bot]
dd-prapprover bot approved these changes Feb 12, 2026
View reviewed changes
Copy link

@dd-prapprover dd-prapprover bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR has been automatically approved by the DD PR Approver bot.

@campaigner-prod campaigner-prod bot closed this Mar 1, 2026
@campaigner-prod campaigner-prod bot deleted the engraver-auto-version-upgrade/minorpatch/npm/azure/0-1770923952 branch March 1, 2026 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benblaustein benblaustein benblaustein approved these changes

@dd-prapprover dd-prapprover[bot] dd-prapprover[bot] approved these changes

Assignees

No one assigned

Labels

adms-dependency-update adms-medium-severity adms-mode-all-updates adms-npm adms-patch-update azure azure-integrations campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benblaustein