chore(deps): bump lodash from 4.17.21 to 4.17.23 by dependabot[bot] · Pull Request #7303 · DataDog/dd-trace-js

dependabot · 2026-01-21T23:38:23Z

Bumps lodash from 4.17.21 to 4.17.23.

Commits

dec55b7 Bump main to v4.17.23 (#6088)
19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
edadd45 Prevent prototype pollution on baseUnset function
4879a7a doc: fix autoLink function, conversion of source links (#6056)
9648f69 chore: remove yarn.lock file (#6053)
dfa407d ci: remove legacy configuration files (#6052)
156e196 feat: add renovate setup (#6039)
933e106 ci: add pipeline for Bun (#6023)
072a807 docs: update links related to Open JS Foundation (#5968)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

codecov · 2026-01-21T23:45:00Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.03%. Comparing base (6b0ccd2) to head (c3008a1).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7303   +/-   ##
=======================================
  Coverage   86.03%   86.03%           
=======================================
  Files         513      513           
  Lines       22245    22245           
=======================================
  Hits        19139    19139           
  Misses       3106     3106

Flag	Coverage Δ
aiguard-macos	`99.09% <ø> (ø)`
aiguard-ubuntu	`99.09% <ø> (ø)`
aiguard-windows	`99.09% <ø> (ø)`
apm-capabilities-tracing-macos	`57.85% <ø> (ø)`
apm-capabilities-tracing-ubuntu	`57.85% <ø> (ø)`
apm-capabilities-tracing-windows	`57.46% <ø> (ø)`
apm-integrations-child-process	`99.19% <ø> (ø)`
apm-integrations-couchbase-18	`100.00% <ø> (ø)`
apm-integrations-couchbase-eol	`100.00% <ø> (ø)`
appsec-express	`62.46% <ø> (ø)`
appsec-fastify	`58.48% <ø> (ø)`
appsec-graphql	`53.41% <ø> (ø)`
appsec-kafka	`43.98% <ø> (ø)`
appsec-ldapjs	`46.04% <ø> (ø)`
appsec-lodash	`47.29% <ø> (ø)`
appsec-macos	`93.74% <ø> (ø)`
appsec-mongodb-core	`51.82% <ø> (ø)`
appsec-mongoose	`50.73% <ø> (ø)`
appsec-mysql	`54.20% <ø> (ø)`
appsec-node-serialize	`43.92% <ø> (ø)`
appsec-passport	`48.10% <ø> (ø)`
appsec-postgres	`54.55% <ø> (ø)`
appsec-sourcing	`33.80% <ø> (ø)`
appsec-template	`43.92% <ø> (ø)`
appsec-ubuntu	`93.74% <ø> (ø)`
appsec-windows	`93.74% <ø> (ø)`
llmobs-ai	`51.97% <ø> (ø)`
llmobs-anthropic	`42.62% <ø> (ø)`
llmobs-bedrock	`39.95% <ø> (ø)`
llmobs-google-genai	`45.79% <ø> (ø)`
llmobs-langchain	`50.07% <ø> (ø)`
llmobs-openai	`55.51% <ø> (ø)`
llmobs-vertex-ai	`44.36% <ø> (ø)`
platform-core	`87.23% <ø> (ø)`
platform-instrumentations-misc	`73.68% <ø> (ø)`
platform-shimmer	`98.82% <ø> (ø)`
platform-unit-guardrails	`89.47% <ø> (ø)`
profiling-macos	`70.74% <ø> (ø)`
profiling-ubuntu	`70.74% <ø> (ø)`
profiling-windows	`74.18% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

pr-commenter · 2026-01-21T23:45:28Z

Benchmarks

Benchmark execution time: 2026-01-23 11:35:06

Comparing candidate commit c3008a1 in PR branch dependabot/npm_and_yarn/lodash-4.17.23 with baseline commit 6b0ccd2 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 232 metrics, 28 unstable metrics.

github-actions · 2026-01-22T13:04:32Z

Overall package size

Self size: 4.45 MB
Deduped: 5.29 MB
No deduping: 5.29 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.3 | 76.87 kB | 808.03 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

watson · 2026-01-22T13:07:57Z

@dependabot rebase

BridgeAR · 2026-01-22T21:42:25Z

@watson this needs #7316 to pass the CI

BridgeAR · 2026-01-23T11:24:26Z

@dependabot recreate

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependabot dependencies javascript Pull requests that update javascript code semver-patch labels Jan 21, 2026

dependabot bot requested a review from a team as a code owner January 21, 2026 23:38

dependabot bot added dependencies javascript Pull requests that update javascript code dependabot labels Jan 21, 2026

watson approved these changes Jan 22, 2026

View reviewed changes

watson enabled auto-merge (squash) January 22, 2026 13:04

dependabot bot force-pushed the dependabot/npm_and_yarn/lodash-4.17.23 branch from bd3a108 to dbde0c1 Compare January 22, 2026 13:08

dependabot bot force-pushed the dependabot/npm_and_yarn/lodash-4.17.23 branch from dbde0c1 to c3008a1 Compare January 23, 2026 11:25

BridgeAR approved these changes Jan 23, 2026

View reviewed changes

watson merged commit 78a0536 into master Jan 23, 2026
829 of 832 checks passed

watson deleted the dependabot/npm_and_yarn/lodash-4.17.23 branch January 23, 2026 20:02

dd-octo-sts bot mentioned this pull request Jan 24, 2026

v5.83.1 proposal #7324

Closed

dd-octo-sts bot mentioned this pull request Jan 27, 2026

v5.84.0 proposal #7347

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump lodash from 4.17.21 to 4.17.23#7303

chore(deps): bump lodash from 4.17.21 to 4.17.23#7303
watson merged 1 commit intomasterfrom
dependabot/npm_and_yarn/lodash-4.17.23

dependabot bot commented on behalf of github Jan 21, 2026 •

edited

Loading

Uh oh!

codecov bot commented Jan 21, 2026 •

edited

Loading

Uh oh!

pr-commenter bot commented Jan 21, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Jan 22, 2026 •

edited

Loading

Uh oh!

watson commented Jan 22, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

BridgeAR commented Jan 23, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Jan 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codecov bot commented Jan 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

pr-commenter bot commented Jan 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Uh oh!

github-actions bot commented Jan 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Overall package size

Uh oh!

watson commented Jan 22, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

BridgeAR commented Jan 23, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Jan 21, 2026 •

edited

Loading

codecov bot commented Jan 21, 2026 •

edited

Loading

pr-commenter bot commented Jan 21, 2026 •

edited

Loading

github-actions bot commented Jan 22, 2026 •

edited

Loading