[Snyk] Security upgrade lodash from 4.17.21 to 4.17.23

[mm-prodsec-bot]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• webapp/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-LODASH-15053838	545

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Summary by CodeRabbit

• Chores
  • Updated lodash dependency to include recent patches and improvements.

[marianunez]

@coderabbitai review this PR

[coderabbitai]

@marianunez, I'll review this security upgrade PR for you. This PR upgrades lodash from 4.17.21 to 4.17.23 to fix a medium severity Prototype Pollution vulnerability.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Walkthrough

The lodash dependency version in webapp/package.json is updated from ^4.17.21 to ^4.17.23. This is a patch version update to a public dependency with no functional code changes.

Changes

Cohort / File(s)	Summary
Dependency Version Update webapp/package.json	Lodash dependency version bumped from ^4.17.21 to ^4.17.23.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly matches the changeset: it specifies a security upgrade of lodash from version 4.17.21 to 4.17.23 in the webapp/package.json file, which is exactly what the PR implements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-330a71ddc5b5004d2999fac383defc32

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Reviews will stop working after February 8, 2026 if the new IP is not added to your allowlist.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

@marianunez, I'll review this security upgrade PR that addresses the lodash prototype pollution vulnerability. The upgrade from 4.17.21 to 4.17.23 should be straightforward for fixing the identified security issue.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.