Skip to content

Fix Dependabot security alerts #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
EPIKorial merged 2 commits into from
Feb 11, 2026
Merged

Fix Dependabot security alerts #216

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e42e3e8
Fix Dependabot security alerts for lodash, lodash-es, and tar
EPIKorial Feb 11, 2026
b62e1ef
Merge main into fix/dependabot-security-alerts
EPIKorial Feb 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,10 @@
"@types/react": "^18.2.12",
"@types/react-native": "^0.70.14",
"cacache/glob": "^10.5.0",
"js-yaml": "^4.1.1"
"js-yaml": "^4.1.1",
"lodash": ">=4.17.23",
"lodash-es": ">=4.17.23",
"tar": ">=7.5.4"
Comment on lines +32 to +34
Copy link

@gemini-code-assist gemini-code-assist bot Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

For better dependency stability and to ensure reproducible builds, it's recommended to pin the versions in the resolutions field to the exact versions that fix the vulnerabilities, rather than using a range. This prevents accidental upgrades to potentially unstable or newly vulnerable versions.

Based on your yarn.lock file, the resolved versions are:

  • lodash: 4.17.23
  • lodash-es: 4.17.23
  • tar: 7.5.7

Please update the resolutions to use these exact versions.

Suggested change
"lodash": ">=4.17.23",
"lodash-es": ">=4.17.23",
"tar": ">=7.5.4"
"lodash": "4.17.23",
"lodash-es": "4.17.23",
"tar": "7.5.7"

},
"workspaces": [
"packages/*",
Expand Down
24 changes: 12 additions & 12 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8923,10 +8923,10 @@ __metadata:
languageName: node
linkType: hard

"lodash-es@npm:^4.17.21":
version: 4.17.21
resolution: "lodash-es@npm:4.17.21"
checksum: 05cbffad6e2adbb331a4e16fbd826e7faee403a1a04873b82b42c0f22090f280839f85b95393f487c1303c8a3d2a010048bf06151a6cbe03eee4d388fb0a12d2
"lodash-es@npm:>=4.17.23":
version: 4.17.23
resolution: "lodash-es@npm:4.17.23"
checksum: b1bd1d141bbde8ffc72978e34b364065675806b0ca42ab99477d247fb2ae795faeed81db9283bf18ae1f096c2b6611ec0589e0503fa9724bf82e3dce947bad69
languageName: node
linkType: hard

Expand Down Expand Up @@ -8986,10 +8986,10 @@ __metadata:
languageName: node
linkType: hard

"lodash@npm:4.17.21, lodash@npm:^4.17.21":
version: 4.17.21
resolution: "lodash@npm:4.17.21"
checksum: eb835a2e51d381e561e508ce932ea50a8e5a68f4ebdd771ea240d3048244a8d13658acbd502cd4829768c56f2e16bdd4340b9ea141297d472517b83868e677f7
"lodash@npm:>=4.17.23":
version: 4.17.23
resolution: "lodash@npm:4.17.23"
checksum: 7daad39758a72872e94651630fbb54ba76868f904211089721a64516ce865506a759d9ad3d8ff22a2a49a50a09db5d27c36f22762d21766e47e3ba918d6d7bab
languageName: node
linkType: hard

Expand Down Expand Up @@ -12547,16 +12547,16 @@ __metadata:
languageName: node
linkType: hard

"tar@npm:^7.4.3":
version: 7.5.4
resolution: "tar@npm:7.5.4"
"tar@npm:>=7.5.4":
version: 7.5.7
resolution: "tar@npm:7.5.7"
dependencies:
"@isaacs/fs-minipass": ^4.0.0
chownr: ^3.0.0
minipass: ^7.1.2
minizlib: ^3.1.0
yallist: ^5.0.0
checksum: 81ac84a0df655890a4acd6d216a10a3b8f1d391949b2cba4fef4e9c5c77d10ee68188eef3c7a1f019f6e0cbbcdada091008359519c2ec824fa0a9c8fe2126a95
checksum: 82fa04804b6cae4c0b46b84e97a08c39e1c17bb959350baa32d139bcf5e1fc7ebc3ceb72465dd3e2e311992386ecc13599a257d5672158490ceb9464146d5573
languageName: node
linkType: hard

Expand Down
Loading