ztoben / assets-webpack-plugin

Webpack plugin that emits a json file with assets paths
https://www.npmjs.com/package/assets-webpack-plugin
MIT License
958 stars 104 forks

split lodash requires #460

Open teepe-ABN opened 9 months ago

teepe-ABN commented 9 months ago

Please provide enough information so that others can review your pull request:

Lodash notoriously has many vulnerabilities. Even if these vulnerable parts of lodash aren't used, this will trigger vulnerability tooling such as Sonatype. This pull request splits lodash into the four methods that are actually used and prevents having the entirety of lodash as a dependency.

Explain the details for making this change. What existing problem does the pull request solve?

This will prevent assets-webpack-plugin from being flagged as a package with critical vulnerabilities.

Test plan (required)

Use the plugin as-is, note it still works.

Closing issues

closes #459