Open m-a-d1 opened 2 years ago
I think the best approach would be to include the core package and import only the template function like the article recommends.
We only would need to check if the changes between 4.5.0 and 4.17.21 could affect the functionality of the template function and do the necessary changes
Snyk reports a security vulnerability for this package because of the dependency on the lodash.template standalone package. You can see the report here: https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054
However, it doesn't look like lodash is supporting standalone packages anymore: https://lodash.com/per-method-packages and there isn't an updated package with a security patch (besides the core lodash package).
Let me know if more details are needed.