package-lock.json refers to lodash 4.17.15
Closed this issue · 1 comments
jpjpjp commented
Expected Behavior
Use lodash 4.17.19 instead.
Current Behavior
Every GitHub project that uses webex gets a Dependabot alert. Fixing locally in the project only lasts until the next commit that updates the webex SDK.
Possible Solution (we welcome any logical suggestion)
It's likely that Dependabot has already opened a PR against the project. Just accept it.
If not, manually update the minimum lodash version to 4.17.19.
Steps to Reproduce
- Create a project that uses webex
- Push it to GitHub
- Enjoy the Dependabot alert
Environment Details
- SDK Version - any prior to 1.84.0 (but possibly even more recent)
lalli-flores commented
Fixed by #1822
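A check for the condition reported in this issue, as an added example that is not part of the thread or the webex SDK's own code: it lists every lodash entry in a parsed package-lock.json that is older than 4.17.19, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list lodash entries in a parsed package-lock.json that are
// older than the 4.17.19 minimum named in the issue.
const MIN_LODASH = '4.17.19';

// Numeric x.y.z comparison; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Only judge plain semver strings (git/URL versions are skipped).
function isOld(version, min) {
  return /^\d+\.\d+\.\d+/.test(version || '') && compareVersions(version, min) < 0;
}

function findOldLodash(lock, min = MIN_LODASH) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/lodash') && isOld(meta.version, min)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" objects.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = [...trail, name];
      if (name === 'lodash' && isOld(meta.version, min)) {
        hits.push({ path: path.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample (lockfileVersion 1 layout), not the SDK's real lockfile.
const sampleLock = { dependencies: {
  lodash: { version: '4.17.19' },
  'example-dep': { version: '1.0.0', dependencies: { lodash: { version: '4.17.15' } } },
} };
console.log(findOldLodash(sampleLock));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findOldLodash` and fail the build when the result is non-empty.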