42bfe34d-0cee-4a2d-a8b2-aa37d539a431
97%
master: 97%

Ran 02 Apr 2026 05:05PM UTC

Jobs 1

Files 13

Run time 1min

Badge

Embed ▾

Committed 02 Apr 2026 04:59PM UTC coverage: 96.991%. Remained the same

Build # 42bfe34d-0cee-4a2d-a8b2-aa37d539a431

Build Type

Pull #636

circleci

Committed by

Marcusg62

Commit Message

fix: override lodash and lodash-es to >=4.18.0 to resolve CVEs

Add npm overrides for lodash and lodash-es to force >=4.18.0 across
all transitive dependencies. This resolves two high-severity
vulnerabilities in lodash <=4.17.23:

- GHSA-r5fr-rjxr-66jc (Code Injection via _.template imports)
- GHSA-f23m-r3pf-42rh (Prototype Pollution via _.unset and _.omit)

The vulnerable lodash versions are transitive dependencies brought in
by karma (lodash) and mermaid/chevrotain (lodash-es). Upstream fixes
are pending (karma-runner/karma#3931, Chevrotain/chevrotain#2184),
so overrides are the practical fix for now.

Closes #635

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Pull Request Pull Request #636: fix: override lodash to >=4.18.0 to resolve CVEs

Run Details

111 of 119 branches covered (93.28%)

Branch coverage included in aggregate %.

308 of 313 relevant lines covered (98.4%)

24.68 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	42bfe34d-0cee-4a2d-a8b2-aa37d539a431.1	02 Apr 2026 05:05PM UTC	13	96.99

jfcere / ngx-markdown / 42bfe34d-0cee-4a2d-a8b2-aa37d539a431
97%
master: 97%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 42bfe34d-0cee-4a2d-a8b2-aa37d539a431

jfcere / ngx-markdown / 42bfe34d-0cee-4a2d-a8b2-aa37d539a431 97% master: 97%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 42bfe34d-0cee-4a2d-a8b2-aa37d539a431

jfcere / ngx-markdown / 42bfe34d-0cee-4a2d-a8b2-aa37d539a431
97%
master: 97%

README BADGES
x