Closed Ravi-Kishore-M closed 5 months ago
Why did you skip this?
If this is a false positive or false negative:
- How did you run the tool? Command line? Browser extension?
- Can you provide a link to the file(s) containing the libraries?
- Are the libraries bundled with a minifier? If so, which one?
Thanks for the quick fix. Please release new features with a new release branch to avoid these issues.
Retire.js version (retire --version): 4.3.1
node version (node --version): v16
Description:
lodash is also scanning other lodash packages (ex. list given below) and reporting them as vulnerable packages, even though they are up to date as per their releases: "lodash.escaperegexp": "^4.1.2", "lodash.isboolean": "^3.0.3", "lodash.isequal": "^4.5.0", "lodash.isfunction": "^3.0.9", "lodash.isnil": "^4.0.0"
Expected behaviour:
lodash should only scan for lodash package