From 4e3d483a6ce8f4985af72fb24ea584d0344faa41 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 22 Jan 2026 09:30:28 +0000
Subject: [PATCH] fix:
 javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/src-non-vulnerable-lodash/package.json
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-15053838
---
 .../src-non-vulnerable-lodash/package.json                      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/src-non-vulnerable-lodash/package.json b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/src-non-vulnerable-lodash/package.json
index 26f56110158d..798effc49da1 100644
--- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/src-non-vulnerable-lodash/package.json
+++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/src-non-vulnerable-lodash/package.json
@@ -1,5 +1,5 @@
 {
     "dependencies": {
-        "lodash": "4.17.12"
+        "lodash": "4.17.23"
     }
 }