fix(web): bump lodash past vulnerable range (#16281)

2026-06-29 15:31:05 +08:00 · 2026-06-25 12:10:39 +05:30
parent fb8e5ad4b2
commit 09047d6edf
3 changed files with 6 additions and 6 deletions
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -72,7 +72,7 @@
        "jsencrypt": "^3.3.2",
        "jsoneditor": "^10.4.2",
        "lexical": "^0.23.1",
-        "lodash": "^4.17.23",
+        "lodash": "^4.18.1",
        "lucide-react": "^1.7.0",
        "next-themes": "^0.4.6",
        "openai-speech-stream-player": "^1.0.8",
@@ -18757,9 +18757,9 @@
      }
    },
    "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmmirror.com/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmmirror.com/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
      "license": "MIT"
    },
    "node_modules/lodash.debounce": {
--- a/web/package.json
+++ b/web/package.json
@@ -94,7 +94,7 @@
    "jsencrypt": "^3.3.2",
    "jsoneditor": "^10.4.2",
    "lexical": "^0.23.1",
-    "lodash": "^4.17.23",
+    "lodash": "^4.18.1",
    "lucide-react": "^1.7.0",
    "next-themes": "^0.4.6",
    "openai-speech-stream-player": "^1.0.8",
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -204,7 +204,7 @@ importers:
        specifier: ^0.23.1
        version: 0.23.1
      lodash:
-        specifier: ^4.17.23
+        specifier: ^4.18.1
        version: 4.18.1
      lucide-react:
        specifier: ^1.7.0