webex/webex-js-sdk

package-lock.json refers to lodash 4.17.15

Closed this issue · 1 comment

Expected Behavior

Use lodash 4.17.19 instead.

Current Behavior

Every GitHub project that uses webex gets a Dependabot alert. Fixing locally in the project only lasts until the next commit that updates the webex sdk.

Possible Solution (we welcome any logical suggestion)

It's likely that Dependabot has already opened a PR against the project. Just accept it.

If not, manually update the minimum lodash version to 4.17.19.

Steps to Reproduce

  1. Create a project that uses webex
  2. Push it to GitHub
  3. Enjoy the Dependabot alert

Environment Details

  • SDK Version - any prior to 1.84.0 (but possibly even more recent)

Fixed by #1822
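
An added example, not part of the original issue or the SDK's own code: a check that walks a parsed `package-lock.json` and lists every lodash entry older than the 4.17.19 the issue asks for, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration; it assumes plain `x.y.z` versions.

```javascript
// Added example: find lodash entries in a parsed package-lock.json that are
// older than the minimum version named in the issue (4.17.19).
const MIN_LODASH = "4.17.19"; // from the issue text

// Compare plain x.y.z versions numerically; pre-release tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk both lockfile layouts: the flat "packages" map (lockfileVersion 2/3)
// and the nested "dependencies" tree (lockfileVersion 1/2).
function findOutdated(lock, name = "lodash", min = MIN_LODASH) {
  const hits = new Map(); // path -> version, de-duplicated across layouts
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const match = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if (match && meta.version && compareVersions(meta.version, min) < 0) {
      hits.set(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name && meta.version && compareVersions(meta.version, min) < 0) {
        hits.set(path, meta.version);
      }
      walk(meta.dependencies, `${path}/`); // nested copies pinned by a dependency
    }
  };
  walk(lock.dependencies, "");
  return [...hits.entries()].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile (not taken from the webex repository).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    lodash: { version: "4.17.19" },
    "example-sdk": { version: "1.0.0", dependencies: { lodash: { version: "4.17.15" } } },
  },
};

console.log(findOutdated(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` to `findOutdated`.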