chore(deps): update dependency lodash to v4.17.23 [security]

2026-01-23 16:35:08 +00:00 · 2026-01-23 16:35:08 +00:00 · b5ceffed43
parent ae2ac9d50f
commit b5ceffed43
3 changed files with 14 additions and 10 deletions
--- a/package.json
+++ b/package.json
@ -54,7 +54,7 @@
 	},
 	"resolutions": {
 		"chokidar": "5.0.0",
-		"lodash": "4.17.21"
+		"lodash": "4.17.23"
 	},
 	"dependencies": {
 		"cssnano": "7.1.2",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -6,7 +6,7 @@ settings:

 overrides:
  chokidar: 5.0.0
-  lodash: 4.17.21
+  lodash: 4.17.23
  '@aiscript-dev/aiscript-languageserver': '-'

 importers:
@ -8029,8 +8029,8 @@ packages:
  lodash.uniq@4.5.0:
    resolution: {integrity: sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==}

-  lodash@4.17.21:
-    resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==}
+  lodash@4.17.23:
+    resolution: {integrity: sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==}

  log-symbols@4.1.0:
    resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==}
@ -10267,10 +10267,12 @@ packages:
  tar@6.2.1:
    resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==}
    engines: {node: '>=10'}
+    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me

  tar@7.5.2:
    resolution: {integrity: sha512-7NyxrTE4Anh8km8iEy7o0QYPs+0JKBTj5ZaqHg6B39erLg0qYXN3BijtShwbsNSvQ+LN75+KV+C4QR/f6Gwnpg==}
    engines: {node: '>=18'}
+    deprecated: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exhorbitant rates) by contacting i@izs.me

  taskkill@5.0.0:
    resolution: {integrity: sha512-+HRtZ40Vc+6YfCDWCeAsixwxJgMbPY4HHuTgzPYH3JXvqHWUlsCfy+ylXlAKhFNcuLp4xVeWeFBUhDk+7KYUvQ==}
@ -13242,7 +13244,7 @@ snapshots:
      '@rushstack/terminal': 0.19.5(@types/node@24.10.4)
      '@rushstack/ts-command-line': 5.1.5(@types/node@24.10.4)
      diff: 8.0.2
-      lodash: 4.17.21
+      lodash: 4.17.23
      minimatch: 10.0.3
      resolve: 1.22.11
      semver: 7.5.4
@ -15164,7 +15166,7 @@ snapshots:
      chalk: 3.0.0
      css.escape: 1.5.1
      dom-accessibility-api: 0.6.3
-      lodash: 4.17.21
+      lodash: 4.17.23
      redent: 3.0.0

  '@testing-library/jest-dom@6.9.1':
@ -16212,7 +16214,7 @@ snapshots:
      graceful-fs: 4.2.11
      is-stream: 2.0.1
      lazystream: 1.0.1
-      lodash: 4.17.21
+      lodash: 4.17.23
      normalize-path: 3.0.0
      readable-stream: 4.7.0

@ -17166,7 +17168,7 @@ snapshots:
      hasha: 5.2.2
      is-installed-globally: 0.4.0
      listr2: 3.14.0(enquirer@2.4.1)
-      lodash: 4.17.21
+      lodash: 4.17.23
      log-symbols: 4.1.0
      minimist: 1.2.8
      ospath: 1.2.2
@ -19662,7 +19664,7 @@ snapshots:

  lodash.uniq@4.5.0: {}

-  lodash@4.17.21: {}
+  lodash@4.17.23: {}

  log-symbols@4.1.0:
    dependencies:
@ -22907,7 +22909,7 @@ snapshots:
    dependencies:
      axios: 1.13.2(debug@4.4.3)
      joi: 18.0.1
-      lodash: 4.17.21
+      lodash: 4.17.23
      minimist: 1.2.8
      rxjs: 7.8.2
    transitivePeerDependencies:
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@ -36,3 +36,5 @@ minimumReleaseAge: 10080 # delay 7days to mitigate supply-chain attack
 minimumReleaseAgeExclude:
  - '@syuilo/aiscript'
  - systeminformation # 脆弱性対応。そのうち消すこと
+  # Renovate security update: lodash@4.17.23
+  - lodash@4.17.23