Open teepe-ABN opened 9 months ago
Describe the bug Importing the entirety of lodash triggers security tooling such as sonatype, see e.g. critical vulnerability sonatype-2019-0467.
To Reproduce Use assets-webpack-plugin
assets-webpack-plugin
Expected behavior Only the parts of lodash that are actually used are included in the package.json
package.json
Desktop (please complete the following information):
Describe the bug Importing the entirety of lodash triggers security tooling such as sonatype, see e.g. critical vulnerability sonatype-2019-0467.
To Reproduce Use
assets-webpack-pluginExpected behavior Only the parts of lodash that are actually used are included in the
package.jsonWebpack Config
Desktop (please complete the following information):