From 227d803aebf12e5a3fc6d2f9be8e2953811e04e6 Mon Sep 17 00:00:00 2001
From: Justin Dalrymple
Date: Fri, 23 Jan 2026 14:14:57 -0500
Subject: [PATCH] security: Update latest security CVE's for lodash and udicii (#3824)
---
 package.json | 4 +++-
 pnpm-lock.yaml | 30 ++++++++++++------------------
 2 files changed, 15 insertions(+), 19 deletions(-)
diff --git a/package.json b/package.json
index f5e83575..648f1b2d 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,9 @@
 "author": "Justin Dalrymple",
 "pnpm": {
 "overrides": {
- "tar": "^7.5.3"
+ "tar": "^7.5.3",
+ "lodash": ">4.17.22",
+ "undici": ">=6.23.0"
 }
 },
 "scripts": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 9abc5bba..d072c5ed 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -6,6 +6,8 @@ settings: overrides: tar: ^7.5.3 + lodash: '>4.17.22' + undici: '>=6.23.0' importers: @@ -657,10 +659,6 @@ packages: resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==} engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0} - '@fastify/busboy@2.1.1': - resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==} - engines: {node: '>=14'} - '@gitbeaker/core@43.8.0': resolution: {integrity: sha512-H+LfKuf4dExBinb79c+CXViRBvTVQNf5BYLNSizm2SiqdED5JruhKX88payefleY0szp7G/mySlFSXPyGRH1dQ==} engines: {node: '>=18.20.0'}
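Review bot: The two entries added to `pnpm.overrides` in package.json use open-ended ranges (`">4.17.22"` and `">=6.23.0"`), unlike the caret range on the existing `tar` entry, so nothing caps the major version a later lockfile refresh may resolve. The lockfile in this same commit already shows the effect: undici moves from 5.29.0 to 7.19.0 for `@actions/http-client@2.2.3`, and its `engines` floor rises from node `>=14.0` to `>=20.18.1`. Whether that package works against the 7.x API cannot be seen from this patch and should be confirmed, along with the Node version the project actually runs on. If the intent is only to reach the patched releases, bounded ranges in the style of the `tar` entry would state it more tightly, for example `"lodash": "^4.17.23"` and `"undici": "^6.23.0"`, assuming 6.23.0 is the fixed floor as the commit implies.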
@@ -2908,8 +2906,8 @@ packages: lodash.startcase@4.4.0: resolution: {integrity: sha512-+WKqsK294HMSc2jEbNgpHpd0JfIBhp7rEV4aqXWqFr6AlXov+SlcgB1Fv01y2kGe3Gc8nMW7VA0SrGuSkRfIEg==} - lodash@4.17.21: - resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} + lodash@4.17.23: + resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==} log-symbols@4.1.0: resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==} @@ -3729,9 +3727,9 @@ packages: undici-types@7.16.0: resolution: {integrity: sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==} - undici@5.29.0: - resolution: {integrity: sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==} - engines: {node: '>=14.0'} + undici@7.19.0: + resolution: {integrity: sha512-Heho1hJD81YChi+uS2RkSjcVO+EQLmLSyUlHyp7Y/wFbxQaGb4WXVKD073JytrjXJVkSZVzoE2MCSOKugFGtOQ==} + engines: {node: '>=20.18.1'} universal-user-agent@6.0.1: resolution: {integrity: sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==} @@ -3894,12 +3892,12 @@ snapshots: '@octokit/plugin-rest-endpoint-methods': 10.4.1(@octokit/core@5.2.2) '@octokit/request': 8.4.1 '@octokit/request-error': 5.1.1 - undici: 5.29.0 + undici: 7.19.0 '@actions/http-client@2.2.3': dependencies: tunnel: 0.0.6 - undici: 5.29.0 + undici: 7.19.0 '@actions/io@1.1.3': {} @@ -4405,8 +4403,6 @@ snapshots: '@eslint/core': 0.17.0 levn: 0.4.1 - '@fastify/busboy@2.1.1': {} - '@gitbeaker/core@43.8.0': dependencies: '@gitbeaker/requester-utils': 43.8.0 @@ -5315,7 +5311,7 @@ snapshots: didyoumean: 1.2.2 inquirer: 12.11.1(@types/node@24.10.9) json-fixer: 1.6.15 - lodash: 4.17.21 + lodash: 4.17.23 pify: 5.0.0 yargs: 18.0.0 optionalDependencies: 
@@ -6977,7 +6973,7 @@ snapshots: lodash.startcase@4.4.0: {} - lodash@4.17.21: {} + lodash@4.17.23: {} log-symbols@4.1.0: dependencies: @@ -7859,9 +7855,7 @@ snapshots: undici-types@7.16.0: {} - undici@5.29.0: - dependencies: - '@fastify/busboy': 2.1.1 + undici@7.19.0: {} universal-user-agent@6.0.1: {}