Skip to content

Update dependency lodash to v4#33

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/lodash-4.x
Open

Update dependency lodash to v4#33
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/lodash-4.x

Update dependency lodash to v4

1402e4d
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed May 27, 2026 in 7m 13s

Security Report

You have successfully remediated 8 vulnerabilities, but introduced 7 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-4800

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash/package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.23.tgz (Vulnerable Library)

High 8.1 Direct lodash-4.17.23.tgz lodash-4.17.23.tgz Upgrade to version lodash-amd - 4.18.0 or greater None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/commoner/node_modules/minimatch/package.json

Dependency Hierarchy:

-> react-0.13.3.tgz (Root Library)

   -> envify-3.4.1.tgz

     -> jstransform-11.0.3.tgz

       -> commoner-0.10.8.tgz

         -> glob-5.0.15.tgz

           -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz react-0.13.3.tgz Transitive 10.2.1 #⁠11
CVE-2020-11023

Path to dependency file: /test/index.html

Path to vulnerable library: /test/index.html

Dependency Hierarchy:

-> ❌ jquery-11.0-1.7.22-1.min.js (Vulnerable Library)

Medium 6.9 Direct jquery-11.0-1.7.22-1.min.js jquery-11.0-1.7.22-1.min.js org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0,jQuery - 3.5.0 None
CVE-2020-11022

Path to dependency file: /test/index.html

Path to vulnerable library: /test/index.html

Dependency Hierarchy:

-> ❌ jquery-11.0-1.7.22-1.min.js (Vulnerable Library)

Medium 6.9 Direct jquery-11.0-1.7.22-1.min.js jquery-11.0-1.7.22-1.min.js org.webjars.npm:jquery:3.5.0,jquery - 3.5.0,jquery - 3.5.0,jquery-rails - 4.4.0 None
CVE-2026-2950

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash/package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.23.tgz (Vulnerable Library)

Medium 6.5 Direct lodash-4.17.23.tgz lodash-4.17.23.tgz lodash-es - 4.17.23,lodash - 4.17.23,lodash-amd - 4.17.23 None
CVE-2019-11358

Path to dependency file: /test/index.html

Path to vulnerable library: /test/index.html

Dependency Hierarchy:

-> ❌ jquery-11.0-1.7.22-1.min.js (Vulnerable Library)

Medium 6.1 Direct jquery-11.0-1.7.22-1.min.js jquery-11.0-1.7.22-1.min.js org.webjars.npm:jquery:3.4.0,django - 2.2.2,jquery - 3.4.0,jquery-rails - 4.3.4,django - 2.1.9,jQuery - 3.4.0,jQuery - 3.4.0 None
CVE-2015-9251

Path to dependency file: /test/index.html

Path to vulnerable library: /test/index.html

Dependency Hierarchy:

-> ❌ jquery-11.0-1.7.22-1.min.js (Vulnerable Library)

Medium 6.1 Direct jquery-11.0-1.7.22-1.min.js jquery-11.0-1.7.22-1.min.js jquery - 3.0.0,org.webjars.npm:jquery:1.12.2,jQuery - 3.0.0,jquery-rails - 4.2.0,jquery - 1.12.2,org.webjars.npm:jquery:3.0.0,jQuery - 1.12.2,jQuery - 3.0.0,org.webjars.npm:jquery:1.12.2,org.webjars.npm:jquery:3.0.0,jquery - 3.0.0,jquery - 1.12.2,jQuery - 1.12.2,jquery-rails - 4.2.0 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2015-9251 jquery-1.9.1.js
CVE-2025-5889 brace-expansion-1.1.11.tgz
CVE-2020-11022 jquery-1.9.1.js
CVE-2026-26996 minimatch-3.1.2.tgz
CVE-2019-11358 jquery-1.9.1.js
CVE-2017-16129 superagent-1.2.0.tgz
CVE-2020-11023 jquery-1.9.1.js
CVE-2026-33750 brace-expansion-1.1.11.tgz

Base branch total remaining vulnerabilities: 45
Base branch commit: null


Total libraries scanned: 283

Scan token: e04db311a58b4e548e88b58d2f07ff92

View more details on Dev - Mend for GitHub.com