assets-webpack-plugin icon indicating copy to clipboard operation
assets-webpack-plugin copied to clipboard

Published 20 hours ago verified publisher icon ztoben

Critical vulnerabilities in lodash

Open teepe-ABN opened this issue 1 year ago • 0 comments

Describe the bug Importing the entirety of lodash triggers security tooling such as sonatype, see e.g. critical vulnerability sonatype-2019-0467.

To Reproduce Use assets-webpack-plugin

Expected behavior Only the parts of lodash that are actually used are included in the package.json

Webpack Config

Desktop (please complete the following information):

  • OS: All
  • Node version: All
  • Plugin version: 7.1.1+

teepe-ABN avatar Nov 29 '23 14:11 teepe-ABN