Skip to content

chore(deps): update dependency lodash to v4.18.1 (master)#955

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/master-lodash-4.x-lockfile
Open

chore(deps): update dependency lodash to v4.18.1 (master)#955
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/master-lodash-4.x-lockfile

chore(deps): update dependency lodash to v4.18.1

e4beec1
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Jun 4, 2026 in 5m 39s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

general

vcr.vonage.cloud
Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided unsupported host type docker, skipped

4 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:
Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2026-4800

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-legacy-log-3.0.0.tgz

     -> ❌ lodash-4.17.23.tgz (Vulnerable Library)

High 8.1 Not Defined 0.044% Transitive lodash-4.17.23.tgz grunt-1.3.0.tgz Transitive lodash-amd - 4.18.0,lodash - 4.18.0,lodash.template - 4.18.0,lodash-es - 4.18.0 #⁠788

Unreachable
CVE-2026-4800

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> grunt-contrib-watch-1.1.0.tgz (Root Library)

   -> gaze-1.1.3.tgz

     -> globule-1.3.2.tgz

       -> ❌ lodash-4.17.23.tgz (Vulnerable Library)

High 8.1 Not Defined 0.044% Transitive lodash-4.17.23.tgz grunt-contrib-watch-1.1.0.tgz Transitive lodash-amd - 4.18.0,lodash - 4.18.0,lodash.template - 4.18.0,lodash-es - 4.18.0 #⁠790

Unreachable
CVE-2026-2950

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-legacy-log-3.0.0.tgz

     -> ❌ lodash-4.17.23.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.025% Transitive lodash-4.17.23.tgz grunt-1.3.0.tgz Transitive lodash-es - 4.17.23,lodash-amd - 4.17.23,lodash - 4.17.23 #⁠788

Unreachable
CVE-2026-2950

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> grunt-contrib-watch-1.1.0.tgz (Root Library)

   -> gaze-1.1.3.tgz

     -> globule-1.3.2.tgz

       -> ❌ lodash-4.17.23.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.025% Transitive lodash-4.17.23.tgz grunt-contrib-watch-1.1.0.tgz Transitive lodash-es - 4.17.23,lodash-amd - 4.17.23,lodash - 4.17.23 #⁠790

Unreachable

Base branch total remaining vulnerabilities: 97
Base branch commit: 5da5ea447fcb6578f8e4b60aaa3a6239d25ed3d8


Total libraries scanned: 579

Scan token: 75a94d05a66b4cb08a192a6103504edb

View more details on Mend for GitHub.com