chore(deps): bump lodash from 4.17.21 to 4.18.1

[dependabot]

Bumps lodash from 4.17.21 to 4.18.1.

Release notes

Sourced from lodash's releases.

4.18.1

Bugs

Fixes a ReferenceError issue in lodash lodash-es lodash-amd and lodash.template when using the template and fromPairs functions from the modular builds. See lodash/lodash#6167

These defects were related to how lodash distributions are built from the main branch using https://github.com/lodash-archive/lodash-cli. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.

There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:

• lodash: lodash/lodash@4.18.0-npm...4.18.1-npm
• lodash-es: lodash/lodash@4.18.0-es...4.18.1-es
• lodash-amd: lodash/lodash@4.18.0-amd...4.18.1-amd
• lodash.templatelodash/lodash@4.18.0-npm-packages...4.18.1-npm-packages

4.18.0

v4.18.0

Full Changelog: lodash/lodash@4.17.23...4.18.0

Security

_.unset / _.omit: Fixed prototype pollution via constructor/prototype path traversal (GHSA-f23m-r3pf-42rh, fe8d32e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now constructor and prototype are blocked unconditionally as non-terminal path keys, matching baseSet. Calls that previously returned true and deleted the property now return false and leave the target untouched.

_.template: Fixed code injection via imports keys (GHSA-r5fr-rjxr-66jc, CVE-2026-4800, 879aaa9). Fixes an incomplete patch for CVE-2021-23337. The variable option was validated against reForbiddenIdentifierChars but importsKeys was left unguarded, allowing code injection via the same Function() constructor sink. imports keys containing forbidden identifier characters now throw "Invalid imports option passed into _.template".

Docs

• Add security notice for _.template in threat model and API docs (#6099)
• Document lower > upper behavior in _.random (#6115)
• Fix quotes in _.compact jsdoc (#6090)

lodash.* modular packages

Diff

We have also regenerated and published a select number of the lodash.* modular packages.

These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:

• lodash.orderby
• lodash.tonumber
• lodash.trim
• lodash.trimend
• lodash.sortedindexby
• lodash.zipobjectdeep
• lodash.unset
• lodash.omit
• lodash.template

Commits

• cb0b9b9 release(patch): bump main to 4.18.1 (#6177)
• 75535f5 chore: prune stale advisory refs (#6170)
• 62e91bc docs: remove n_ Node.js < 6 REPL note from README (#6165)
• 59be2de release(minor): bump to 4.18.0 (#6161)
• af63457 fix: broken tests for _.template 879aaa9
• 1073a76 fix: linting issues
• 879aaa9 fix: validate imports keys in _.template
• fe8d32e fix: block prototype pollution in baseUnset via constructor/prototype traversal
• 18ba0a3 refactor(fromPairs): use baseAssignValue for consistent assignment (#6153)
• b819080 ci: add dist sync validation workflow (#6137)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Size Change: 0 B

Total Size: 123 MB

ℹ️ View Unchanged

Filename	Size
frontend/dist/368Hedgehogs	5.26 kB
frontend/dist/abap	14.2 kB
frontend/dist/Action	20.5 kB
frontend/dist/Actions	1.02 kB
frontend/dist/AdvancedActivityLogsScene	33.9 kB
frontend/dist/AgenticAuthorize	5.25 kB
frontend/dist/apex	3.95 kB
frontend/dist/ApprovalDetail	16.2 kB
frontend/dist/array.full.es5.js	324 kB
frontend/dist/array.full.js	420 kB
frontend/dist/array.js	176 kB
frontend/dist/AsyncMigrations	13.1 kB
frontend/dist/AuthorizationStatus	716 B
frontend/dist/azcli	846 B
frontend/dist/bat	1.84 kB
frontend/dist/BatchExportScene	70.3 kB
frontend/dist/bicep	2.55 kB
frontend/dist/Billing	493 B
frontend/dist/BillingSection	20.7 kB
frontend/dist/BoxPlot	4.99 kB
frontend/dist/browserAll-0QZMN1W2	37.4 kB
frontend/dist/ButtonPrimitives	562 B
frontend/dist/CalendarHeatMap	4.79 kB
frontend/dist/cameligo	2.19 kB
frontend/dist/changeRequestsLogic	544 B
frontend/dist/CLIAuthorize	11.3 kB
frontend/dist/CLILive	3.98 kB
frontend/dist/clojure	9.64 kB
frontend/dist/coffee	3.59 kB
frontend/dist/Cohort	23.2 kB
frontend/dist/CohortCalculationHistory	6.22 kB
frontend/dist/Cohorts	9.39 kB
frontend/dist/ConfirmOrganization	4.48 kB
frontend/dist/conversations.js	63.8 kB
frontend/dist/Coupons	720 B
frontend/dist/cpp	5.3 kB
frontend/dist/Create	655 B
frontend/dist/crisp-chat-integration.js	1.88 kB
frontend/dist/csharp	4.52 kB
frontend/dist/csp	1.42 kB
frontend/dist/css	4.51 kB
frontend/dist/cssMode	4.16 kB
frontend/dist/CustomCssScene	3.55 kB
frontend/dist/CustomerAnalyticsConfigurationScene	1.99 kB
frontend/dist/CustomerAnalyticsScene	26.4 kB
frontend/dist/CustomerJourneyBuilderScene	1.6 kB
frontend/dist/CustomerJourneyTemplatesScene	7.39 kB
frontend/dist/customizations.full.js	17.8 kB
frontend/dist/CyclotronJobInputAssignee	1.32 kB
frontend/dist/CyclotronJobInputTicketTags	711 B
frontend/dist/cypher	3.38 kB
frontend/dist/dart	4.25 kB
frontend/dist/Dashboard	1.04 kB
frontend/dist/Dashboards	14.7 kB
frontend/dist/DataManagementScene	646 B
frontend/dist/DataPipelinesNewScene	2.32 kB
frontend/dist/DataWarehouseScene	1.19 kB
frontend/dist/DataWarehouseSourceScene	634 B
frontend/dist/Deactivated	1.13 kB
frontend/dist/dead-clicks-autocapture.js	13 kB
frontend/dist/DeadLetterQueue	5.38 kB
frontend/dist/DebugScene	20 kB
frontend/dist/decompressionWorker	2.85 kB
frontend/dist/decompressionWorker.js	2.85 kB
frontend/dist/DefinitionEdit	7.11 kB
frontend/dist/DefinitionView	22.7 kB
frontend/dist/DestinationsScene	2.71 kB
frontend/dist/dist	575 B
frontend/dist/dockerfile	1.87 kB
frontend/dist/EarlyAccessFeature	719 B
frontend/dist/EarlyAccessFeatures	2.84 kB
frontend/dist/ecl	5.34 kB
frontend/dist/EditorScene	828 B
frontend/dist/elixir	10.3 kB
frontend/dist/elk.bundled	1.44 MB
frontend/dist/EmailMFAVerify	2.98 kB
frontend/dist/EndpointScene	37.1 kB
frontend/dist/EndpointsScene	21 kB
frontend/dist/ErrorTrackingConfigurationScene	2.19 kB
frontend/dist/ErrorTrackingIssueFingerprintsScene	6.98 kB
frontend/dist/ErrorTrackingIssueScene	81.8 kB
frontend/dist/ErrorTrackingScene	12.9 kB
frontend/dist/EvaluationTemplates	575 B
frontend/dist/EventsScene	2.44 kB
frontend/dist/exception-autocapture.js	11.7 kB
frontend/dist/Experiment	261 kB
frontend/dist/Experiments	17.1 kB
frontend/dist/exporter	20 MB
frontend/dist/exporter.js	20 MB
frontend/dist/ExportsScene	3.86 kB
frontend/dist/FeatureFlag	102 kB
frontend/dist/FeatureFlags	572 B
frontend/dist/FeatureFlagTemplatesScene	7.03 kB
frontend/dist/FlappyHog	5.78 kB
frontend/dist/flow9	1.81 kB
frontend/dist/freemarker2	16.7 kB
frontend/dist/fsharp	2.98 kB
frontend/dist/go	2.65 kB
frontend/dist/graphql	2.26 kB
frontend/dist/Group	14.5 kB
frontend/dist/Groups	3.92 kB
frontend/dist/GroupsNew	7.34 kB
frontend/dist/handlebars	7.34 kB
frontend/dist/hcl	3.59 kB
frontend/dist/HealthScene	12 kB
frontend/dist/HeatmapNewScene	4.16 kB
frontend/dist/HeatmapRecordingScene	3.92 kB
frontend/dist/HeatmapScene	6.04 kB
frontend/dist/HeatmapsScene	3.88 kB
frontend/dist/hls	394 kB
frontend/dist/HogFunctionScene	59 kB
frontend/dist/HogRepl	7.37 kB
frontend/dist/html	5.58 kB
frontend/dist/htmlMode	4.62 kB
frontend/dist/image-blob-reduce.esm	49.4 kB
frontend/dist/InboxScene	57.2 kB
frontend/dist/index	267 kB
frontend/dist/index.js	267 kB
frontend/dist/ini	1.1 kB
frontend/dist/InsightOptions	4.79 kB
frontend/dist/InsightScene	27 kB
frontend/dist/IntegrationsRedirect	733 B
frontend/dist/intercom-integration.js	1.93 kB
frontend/dist/InviteSignup	13.3 kB
frontend/dist/java	3.22 kB
frontend/dist/javascript	985 B
frontend/dist/jsonMode	13.9 kB
frontend/dist/julia	7.22 kB
frontend/dist/kotlin	3.4 kB
frontend/dist/lazy	151 kB
frontend/dist/LegacyPluginScene	26.6 kB
frontend/dist/LemonTextAreaMarkdown	502 B
frontend/dist/less	3.9 kB
frontend/dist/lexon	2.44 kB
frontend/dist/lib	2.22 kB
frontend/dist/Link	468 B
frontend/dist/LinkScene	24.8 kB
frontend/dist/LinksScene	4.19 kB
frontend/dist/liquid	4.52 kB
frontend/dist/LiveDebugger	19.1 kB
frontend/dist/LiveEventsTable	4.44 kB
frontend/dist/LLMAnalyticsClusterScene	15.7 kB
frontend/dist/LLMAnalyticsClustersScene	43 kB
frontend/dist/LLMAnalyticsDatasetScene	19.7 kB
frontend/dist/LLMAnalyticsDatasetsScene	3.28 kB
frontend/dist/LLMAnalyticsEvaluation	40.5 kB
frontend/dist/LLMAnalyticsEvaluationsScene	29.3 kB
frontend/dist/LLMAnalyticsPlaygroundScene	36.3 kB
frontend/dist/LLMAnalyticsScene	113 kB
frontend/dist/LLMAnalyticsSessionScene	13.4 kB
frontend/dist/LLMAnalyticsTraceScene	127 kB
frontend/dist/LLMAnalyticsUsers	526 B
frontend/dist/LLMASessionFeedbackDisplay	4.83 kB
frontend/dist/LLMPromptScene	16.9 kB
frontend/dist/LLMPromptsScene	4.21 kB
frontend/dist/Login	8.49 kB
frontend/dist/Login2FA	4.21 kB
frontend/dist/logs.js	38.3 kB
frontend/dist/LogsScene	18.7 kB
frontend/dist/lua	2.12 kB
frontend/dist/m3	2.81 kB
frontend/dist/main	819 kB
frontend/dist/ManagedMigration	14 kB
frontend/dist/markdown	3.79 kB
frontend/dist/MarketingAnalyticsScene	24.6 kB
frontend/dist/MaterializedColumns	10.2 kB
frontend/dist/Max	835 B
frontend/dist/mdx	5.39 kB
frontend/dist/MessageTemplate	16.3 kB
frontend/dist/MetricsScene	833 B
frontend/dist/mips	2.58 kB
frontend/dist/ModelsScene	13.6 kB
frontend/dist/MonacoDiffEditor	403 B
frontend/dist/monacoEditorWorker	288 kB
frontend/dist/monacoEditorWorker.js	288 kB
frontend/dist/monacoJsonWorker	419 kB
frontend/dist/monacoJsonWorker.js	419 kB
frontend/dist/monacoTsWorker	7.02 MB
frontend/dist/monacoTsWorker.js	7.02 MB
frontend/dist/MoveToPostHogCloud	4.46 kB
frontend/dist/msdax	4.91 kB
frontend/dist/mysql	11.3 kB
frontend/dist/NavTabChat	4.63 kB
frontend/dist/NewSourceWizard	758 B
frontend/dist/NewTabScene	681 B
frontend/dist/NodeDetailScene	15.5 kB
frontend/dist/NotebookCanvasScene	3.06 kB
frontend/dist/NotebookPanel	5.08 kB
frontend/dist/NotebookScene	8.07 kB
frontend/dist/NotebooksScene	7.58 kB
frontend/dist/OAuthAuthorize	573 B
frontend/dist/objective-c	2.41 kB
frontend/dist/Onboarding	671 kB
frontend/dist/OnboardingCouponRedemption	1.19 kB
frontend/dist/pascal	2.99 kB
frontend/dist/pascaligo	2 kB
frontend/dist/passkeyLogic	484 B
frontend/dist/PasswordReset	4.32 kB
frontend/dist/PasswordResetComplete	2.94 kB
frontend/dist/perl	8.25 kB
frontend/dist/PersonScene	16 kB
frontend/dist/PersonsScene	4.73 kB
frontend/dist/pgsql	13.5 kB
frontend/dist/php	8.02 kB
frontend/dist/PipelineStatusScene	6.22 kB
frontend/dist/pla	1.68 kB
frontend/dist/posthog	251 kB
frontend/dist/postiats	7.86 kB
frontend/dist/powerquery	16.9 kB
frontend/dist/powershell	3.27 kB
frontend/dist/PreflightCheck	5.53 kB
frontend/dist/product-tours.js	115 kB
frontend/dist/ProductTour	273 kB
frontend/dist/ProductTours	4.7 kB
frontend/dist/ProjectHomepage	21.9 kB
frontend/dist/protobuf	9.05 kB
frontend/dist/pug	4.82 kB
frontend/dist/python	4.76 kB
frontend/dist/qsharp	3.19 kB
frontend/dist/r	3.13 kB
frontend/dist/razor	9.35 kB
frontend/dist/recorder-v2.js	111 kB
frontend/dist/recorder.js	111 kB
frontend/dist/redis	3.55 kB
frontend/dist/redshift	11.8 kB
frontend/dist/RegionMap	29.4 kB
frontend/dist/render-query	19.7 MB
frontend/dist/render-query.js	19.7 MB
frontend/dist/ResourceTransfer	9.17 kB
frontend/dist/restructuredtext	3.9 kB
frontend/dist/RevenueAnalyticsScene	25.6 kB
frontend/dist/ruby	8.5 kB
frontend/dist/rust	4.16 kB
frontend/dist/SavedInsights	664 B
frontend/dist/sb	1.82 kB
frontend/dist/scala	7.32 kB
frontend/dist/scheme	1.77 kB
frontend/dist/scss	6.41 kB
frontend/dist/SdkDoctorScene	11 kB
frontend/dist/SessionAttributionExplorerScene	6.6 kB
frontend/dist/SessionGroupSummariesTable	4.62 kB
frontend/dist/SessionGroupSummaryScene	17 kB
frontend/dist/SessionProfileScene	15.8 kB
frontend/dist/SessionRecordingDetail	1.73 kB
frontend/dist/SessionRecordingFilePlaybackScene	4.46 kB
frontend/dist/SessionRecordings	742 B
frontend/dist/SessionRecordingsKiosk	8.84 kB
frontend/dist/SessionRecordingsPlaylistScene	4.1 kB
frontend/dist/SessionRecordingsSettingsScene	1.9 kB
frontend/dist/SessionsScene	3.86 kB
frontend/dist/SettingsScene	2.98 kB
frontend/dist/SharedMetric	15.7 kB
frontend/dist/SharedMetrics	515 B
frontend/dist/shell	3.07 kB
frontend/dist/SignupContainer	22.8 kB
frontend/dist/Site	1.18 kB
frontend/dist/solidity	18.6 kB
frontend/dist/sophia	2.76 kB
frontend/dist/SourcesScene	5.96 kB
frontend/dist/sourceWizardLogic	662 B
frontend/dist/sparql	2.55 kB
frontend/dist/sql	10.3 kB
frontend/dist/SqlVariableEditScene	7.24 kB
frontend/dist/st	7.4 kB
frontend/dist/StartupProgram	21.2 kB
frontend/dist/SupportSettingsScene	40.3 kB
frontend/dist/SupportTicketScene	22.7 kB
frontend/dist/SupportTicketsScene	733 B
frontend/dist/Survey	746 B
frontend/dist/SurveyFormBuilder	1.54 kB
frontend/dist/Surveys	18.2 kB
frontend/dist/surveys.js	89.8 kB
frontend/dist/SurveyWizard	56.1 kB
frontend/dist/swift	5.27 kB
frontend/dist/SystemStatus	16.8 kB
frontend/dist/systemverilog	7.61 kB
frontend/dist/TaskDetailScene	19 kB
frontend/dist/TaskTracker	16.3 kB
frontend/dist/tcl	3.57 kB
frontend/dist/TextCardMarkdownEditor	10.9 kB
frontend/dist/toolbar	9.47 MB
frontend/dist/toolbar.js	9.47 MB
frontend/dist/ToolbarLaunch	2.52 kB
frontend/dist/tracing-headers.js	1.74 kB
frontend/dist/TracingScene	14.7 kB
frontend/dist/TransformationsScene	1.95 kB
frontend/dist/tsMode	24 kB
frontend/dist/twig	5.97 kB
frontend/dist/TwoFactorReset	3.98 kB
frontend/dist/typescript	240 B
frontend/dist/typespec	2.82 kB
frontend/dist/Unsubscribe	1.62 kB
frontend/dist/UserInterview	4.53 kB
frontend/dist/UserInterviews	2.01 kB
frontend/dist/vb	5.79 kB
frontend/dist/VercelConnect	4.02 kB
frontend/dist/VercelLinkError	1.9 kB
frontend/dist/VerifyEmail	4.48 kB
frontend/dist/vimMode	211 kB
frontend/dist/VisualReviewRunScene	18.7 kB
frontend/dist/VisualReviewRunsScene	6.12 kB
frontend/dist/VisualReviewSettingsScene	9.95 kB
frontend/dist/web-vitals.js	6.39 kB
frontend/dist/WebAnalyticsScene	5.7 kB
frontend/dist/WebGLRenderer-DYjOwNoG	60.3 kB
frontend/dist/WebGPURenderer-B_wkl_Ja	36.3 kB
frontend/dist/WebScriptsScene	2.57 kB
frontend/dist/webworkerAll-puPV1rBA	319 B
frontend/dist/wgsl	7.34 kB
frontend/dist/Wizard	4.45 kB
frontend/dist/WorkflowScene	101 kB
frontend/dist/WorkflowsScene	46.9 kB
frontend/dist/WorldMap	4.73 kB
frontend/dist/xml	2.98 kB
frontend/dist/yaml	4.6 kB

_{compressed-size-action}

[github-actions]

This PR hasn't seen activity in a week! Should it be merged, closed, or further worked on? If you want to keep it open, please remove the stale label – otherwise this will be closed in another week. If you want to permanently keep it open, use the waiting label.

[github-actions]

This PR was closed due to lack of activity. Feel free to reopen if it's still relevant.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.