RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

wrong package version is being reported for lodash #427

Closed Ravi-Kishore-M closed 5 months ago

Ravi-Kishore-M commented 5 months ago

Retire.js version: (retire --version): 4.3.1

node version: (node --version): v16

Description:

lodash is also scanning other lodash packages (ex. list given below) and reporting them as vulnerable packages, even though they are up to date as per their releases:

"lodash.escaperegexp": "^4.1.2", "lodash.isboolean": "^3.0.3", "lodash.isequal": "^4.5.0", "lodash.isfunction": "^3.0.9", "lodash.isnil": "^4.0.0"

Expected behaviour:

lodash should only scan for lodash package

If this is a false positive or false negative:
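To make the reported false positive concrete, here is an added illustration (not retire.js source, and the thread does not state retire.js's actual root cause): matching an advisory's library name as a prefix of the dependency name drags every `lodash.*` package from the report into the finding, while exact-name matching keeps it on `lodash` alone. The dependency versions and the advisory range are constructed placeholders.

```javascript
// Added illustration, not retire.js code: why a name-prefix match over-reports.
// Constructed dependency map modelled on the report above (versions are made up).
const deps = {
  "lodash": "4.17.20",
  "lodash.escaperegexp": "4.1.2",
  "lodash.isboolean": "3.0.3",
  "lodash.isequal": "4.5.0",
  "lodash.isfunction": "3.0.9",
  "lodash.isnil": "4.0.0",
};

// Constructed advisory entry (placeholder range, not a real vulnerability record).
const advisory = { name: "lodash", below: "4.17.21" };

// Minimal version comparison: true when a < b, numeric major.minor.patch only.
function lessThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Over-broad matcher: every package whose name starts with the advisory name is
// checked against the advisory range, so lodash.isequal 4.5.0 is reported too.
function flagByPrefix(dependencies, adv) {
  return Object.entries(dependencies)
    .filter(([name, v]) => name.startsWith(adv.name) && lessThan(v, adv.below))
    .map(([name]) => name);
}

// Exact matcher: the advisory applies only to the package it actually names.
function flagByExactName(dependencies, adv) {
  return Object.entries(dependencies)
    .filter(([name, v]) => name === adv.name && lessThan(v, adv.below))
    .map(([name]) => name);
}

console.log(flagByPrefix(deps, advisory));    // lodash plus all five lodash.* packages
console.log(flagByExactName(deps, advisory)); // ["lodash"] only
```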

eoftedal commented 5 months ago

Why did you skip this?

If this is a false positive or false negative:

  • How did you run the tool? Command line? Browser extension?
  • Can you provide a link to the file(s) containing the libraries?
  • Are the libraries bundled with a minifier? If so, which one?

Ravi-Kishore-M commented 5 months ago

Thanks for the quick fix. Please release new features with a new release branch to avoid these issues.