From 7a45f430713992d6de4b972ef831027b5d441cd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20NEDJAR?= <sebastien@nedjar.com>
Date: Mon, 13 Apr 2026 04:54:27 +0200
Subject: [PATCH] fix: Bump lodash and lodash-es to 4.18 to address dependabot
 alerts.

---
 package-lock.json | 12 ++++++------
 package.json      |  3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c36f82c3..53f0d8bf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4366,16 +4366,16 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
       "dev": true,
       "license": "MIT"
     },
     "node_modules/lodash-es": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz",
-      "integrity": "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.18.1.tgz",
+      "integrity": "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==",
       "dev": true,
       "license": "MIT"
     },
diff --git a/package.json b/package.json
index e4cecac1..74d624d2 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,8 @@
   },
   "overrides": {
     "picomatch": "^4.0.4",
-    "lodash": "^4.17.22",
+    "lodash": "^4.18.0",
+    "lodash-es": "^4.18.0",
     "tmp": "^0.2.4",
     "brace-expansion": "^2.0.3"
   }