[Snyk] Security upgrade lodash from 4.17.23 to 4.18.1

[codecademydev]

Snyk has created this PR to fix 2 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	716
	Prototype Pollution SNYK-JS-LODASH-15869619	631

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary Code Injection

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.76%. Comparing base (3b3e304) to head (98b5ed0).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3315      +/-   ##
==========================================
- Coverage   89.88%   89.76%   -0.12%     
==========================================
  Files         377      369       -8     
  Lines        5593     5511      -82     
  Branches     1779     1759      -20     
==========================================
- Hits         5027     4947      -80     
+ Misses        558      556       -2     
  Partials        8        8              

Flag	Coverage Δ
main	?
pull-request	89.76% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 226206171a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LinKCoding]

Will be working off this one, will delete the other related PRs after this one is resolved in case the bot re-creates closed tix

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ LinKCoding
❌ snyk-bot
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 98b5ed0

---

☁️ Nx Cloud last updated this comment at 2026-04-13 14:42:55 UTC

[codecademydev]

📬 Published Alpha Packages:

Package	Version	npm	Diff
@codecademy/gamut	68.2.3-alpha.dd07d0.0	npm	diff
@codecademy/gamut-icons	9.57.3-alpha.dd07d0.0	npm	diff
@codecademy/gamut-illustrations	0.58.10-alpha.dd07d0.0	npm	diff
@codecademy/gamut-kit	0.6.593-alpha.dd07d0.0	npm	diff
@codecademy/gamut-patterns	0.10.29-alpha.dd07d0.0	npm	diff
@codecademy/gamut-styles	17.13.2-alpha.dd07d0.0	npm	diff
@codecademy/gamut-tests	5.3.4-alpha.dd07d0.0	npm	diff
@codecademy/variance	0.26.2-alpha.dd07d0.0	npm	diff
eslint-plugin-gamut	2.4.4-alpha.dd07d0.0	npm	diff

[github-actions]

🚀 Styleguide deploy preview ready!

Preview URL: https://69dd019835f1ea858711962d--gamut-preview.netlify.app
Deploy Logs: https://app.netlify.com/projects/gamut-preview/deploys/69dd019835f1ea858711962d