VULN UPGRADE: minor: body-parser · patch: lodash

[campaigner-prod]

Summary: Critical-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• . (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
lodash	4.17.10	4.17.21	patch	1 CRITICAL, 3 HIGH, 2 MODERATE
body-parser	1.18.2	1.20.4	minor	1 HIGH

---

Security Details

🚨 Critical & High Severity (5 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
lodash	GHSA-jf85-cpcp-j695	CRITICAL	Prototype Pollution in lodash	4.17.10	4.17.12
body-parser	GHSA-qwcr-r2fm-qrc7	HIGH	body-parser vulnerable to denial of service when url encoding is enabled	1.18.2	1.20.3
lodash	GHSA-4xc9-xhrj-v574	HIGH	Prototype Pollution in lodash	4.17.10	4.17.11
lodash	GHSA-p6mc-m468-83gw	HIGH	Prototype Pollution in lodash	4.17.10	4.17.19
lodash	GHSA-35jh-r3h4-6jhm	HIGH	Command Injection in lodash	4.17.10	4.17.21

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
lodash	GHSA-29mw-wpgm-hmr9	MODERATE	Regular Expression Denial of Service (ReDoS) in lodash	4.17.10	4.17.21
lodash	GHSA-x5rq-j2xg-h7qm	MODERATE	Regular Expression Denial of Service (ReDoS) in lodash	4.17.10	4.17.11

---

Review Checklist

Enhanced review recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System