Skip to content

build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/vropkg/#1025

Merged
VenelinBakalov merged 3 commits intomainfrom
fix-brace-expransion-vulnerability
Feb 13, 2026
Merged

build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/vropkg/#1025
VenelinBakalov merged 3 commits intomainfrom
fix-brace-expransion-vulnerability

Conversation

@VenelinBakalov
Copy link
Collaborator

@VenelinBakalov VenelinBakalov commented Feb 13, 2026
edited
Loading

Description

Checklist

  • I have added relevant error handling and logging messages to help troubleshooting
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation, relevant usage information (if applicable)
  • I have updated the PR title with affected component, related issue number and a short summary of the changes introduced
  • I have added labels for implementation kind (kind/) and version type (version/)
  • I have tested against live environment, if applicable
  • I have synced any structure and/or content vRA-NG improvements with vra-ng and ts-vra-ng archetypes (if applicable)
  • I have my changes rebased and squashed to the minimal number of relevant commits. Notice: don't squash all commits
  • I have added a descriptive commit message with a short title, including a Fixed #XXX - or Closed #XXX - prefix to auto-close the issue

Testing

Release Notes

Related issues and PRs

https://github.com/vmware/build-tools-for-vmware-aria/security/code-scanning/322
https://github.com/vmware/build-tools-for-vmware-aria/security/dependabot/272
https://github.com/vmware/build-tools-for-vmware-aria/security/dependabot/259

@VenelinBakalov VenelinBakalov requested a review from a team as a code owner February 13, 2026 10:09
@VenelinBakalov VenelinBakalov changed the title build(deps): Bump lodash and brace-expansion in /typescript/polyglotpkg/ build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/polyglotpkg/ Feb 13, 2026
@VenelinBakalov VenelinBakalov changed the title build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/polyglotpkg/ build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/vropkg/ Feb 13, 2026
@VenelinBakalov VenelinBakalov added lang/javascript Releated to Javascript code kind/dependencies Pull requests that update a dependency file labels Feb 13, 2026
@VenelinBakalov VenelinBakalov changed the title build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/vropkg/ build(deps): Bump lodash from 4.17.21 to 4.17.23 and brace-expansion from 5.0.0 to 5.0.1 in /typescript/vropkg/ Feb 13, 2026
@VenelinBakalov VenelinBakalov merged commit bae9529 into main Feb 13, 2026
18 checks passed
@VenelinBakalov VenelinBakalov deleted the fix-brace-expransion-vulnerability branch February 13, 2026 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bcpmihail bcpmihail bcpmihail approved these changes

Assignees

No one assigned

Labels

kind/dependencies Pull requests that update a dependency file lang/javascript Releated to Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@VenelinBakalov @bcpmihail