Describe the bug
Importing the entirety of lodash triggers security tooling such as sonatype, see e.g. critical vulnerability sonatype-2019-0467.
To Reproduce
Use assets-webpack-plugin
Expected behavior
Only the parts of lodash that are actually used are included in the package.json
Webpack Config
Desktop (please complete the following information):
- OS: All
- Node version: All
- Plugin version: 7.1.1+
Describe the bug
Importing the entirety of lodash triggers security tooling such as sonatype, see e.g. critical vulnerability sonatype-2019-0467.
To Reproduce
Use
assets-webpack-pluginExpected behavior
Only the parts of lodash that are actually used are included in the
package.jsonWebpack Config
Desktop (please complete the following information):