Update dependency lodash to v4.17.23

4c14e4e
Open

Update dependency lodash to v4.17.23 #96

Mend for GitHub.com / Mend Security Check failed Apr 2, 2026 in 45s

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 13 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-33937

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

Critical 9.8 Transitive handlebars-4.7.7.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/handlebars-lang/handlebars.js.git - v4.7.9 None
CVE-2026-33941

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 8.2 Transitive handlebars-4.7.7.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/handlebars-lang/handlebars.js.git - v4.7.9 None
CVE-2026-33940

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 8.1 Transitive handlebars-4.7.7.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/handlebars-lang/handlebars.js.git - v4.7.9 None
CVE-2026-33938

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 8.1 Transitive handlebars-4.7.7.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/handlebars-lang/handlebars.js.git - v4.7.9 None
CVE-2026-33939

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

High 7.5 Transitive handlebars-4.7.7.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/handlebars-lang/handlebars.js.git - v4.7.9 None
CVE-2026-27904

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> glob-8.1.0.tgz

       -> ❌ minimatch-5.1.6.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.6.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive 5.1.8 None
CVE-2026-27904

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> puppeteer-18.2.1.tgz (Root Library)

   -> puppeteer-core-18.2.1.tgz

     -> rimraf-3.0.2.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz puppeteer-18.2.1.tgz Transitive 3.1.4 #75
CVE-2026-27903

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> glob-8.1.0.tgz

       -> ❌ minimatch-5.1.6.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.6.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v3.1.3 None
CVE-2026-27903

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> puppeteer-18.2.1.tgz (Root Library)

   -> puppeteer-core-18.2.1.tgz

     -> rimraf-3.0.2.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz puppeteer-18.2.1.tgz Transitive https://github.com/isaacs/minimatch.git - v7.4.8,https://github.com/isaacs/minimatch.git - v8.0.6,https://github.com/isaacs/minimatch.git - v9.0.7,https://github.com/isaacs/minimatch.git - v5.1.8,https://github.com/isaacs/minimatch.git - v10.2.3,https://github.com/isaacs/minimatch.git - v6.2.2,https://github.com/isaacs/minimatch.git - v4.2.5,https://github.com/isaacs/minimatch.git - v3.1.3 #75
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> glob-8.1.0.tgz

       -> ❌ minimatch-5.1.6.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.6.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v7.4.7,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v5.1.7 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> puppeteer-18.2.1.tgz (Root Library)

   -> puppeteer-core-18.2.1.tgz

     -> rimraf-3.0.2.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.2.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.2.tgz puppeteer-18.2.1.tgz Transitive https://github.com/isaacs/minimatch.git - v10.2.1,https://github.com/isaacs/minimatch.git - v7.4.7,https://github.com/isaacs/minimatch.git - v6.2.1,https://github.com/isaacs/minimatch.git - v9.0.6,https://github.com/isaacs/minimatch.git - v8.0.5,https://github.com/isaacs/minimatch.git - v3.1.3,https://github.com/isaacs/minimatch.git - v4.2.4,https://github.com/isaacs/minimatch.git - v5.1.7 #75
CVE-2026-33916

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> nodemailer-express-handlebars-5.0.0.tgz (Root Library)

   -> express-handlebars-6.0.7.tgz

     -> ❌ handlebars-4.7.7.tgz (Vulnerable Library)

Medium 4.7 Transitive handlebars-4.7.7.tgz nodemailer-express-handlebars-5.0.0.tgz Transitive https://github.com/handlebars-lang/handlebars.js.git - v4.7.9 None
CVE-2026-3449

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jsdom-20.0.3.tgz (Root Library)

   -> http-proxy-agent-5.0.0.tgz

     -> ❌ once-2.0.0.tgz (Vulnerable Library)

Low 3.3 Transitive once-2.0.0.tgz jsdom-20.0.3.tgz Transitive 3.0.1 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2025-13465 lodash-4.17.21.tgz
CVE-2026-2950 lodash-4.17.21.tgz

Base branch total remaining vulnerabilities: 17
Base branch commit: null


Total libraries scanned: 172

Scan token: 60bd6d031b7b4964b83dd9d949546e4f