RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Home Page: https://retirejs.github.io/retire.js/


wrong package version is being reported for lodash

Ravi-Kishore-M opened this issue · comments

Retire.js version: (retire --version): 4.3.1

node version: (node --version): v16

Description:

lodash is also scanning other lodash packages (ex. list given below) and reporting them as vulnerable packages, even though they are up to date as per their releases
"lodash.escaperegexp": "^4.1.2",
"lodash.isboolean": "^3.0.3",
"lodash.isequal": "^4.5.0",
"lodash.isfunction": "^3.0.9",
"lodash.isnil": "^4.0.0"

Expected behaviour:

lodash should only scan for lodash package

If this is a false positive or false negative:

  • How did you run the tool? Command line? Browser extension?
  • Can you provide a link to the file(s) containing the libraries?
  • Are the libraries bundled with a minifier? If so which one?
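To make the reported symptom concrete, here is an added illustration (not retire.js source code, and not a statement of how retire.js actually matches names) of why a dependency scanner has to compare the exact package name against its advisory list rather than a prefix. The lodash.* dependencies are the ones quoted in the issue; the lodash version, the advisory record and its version bound are constructed placeholders, not real advisory data.

```javascript
// Added illustration: prefix matching vs. exact-name matching when looking
// up package.json dependencies against a vulnerability list.

// Constructed sample: the dependencies quoted in the issue, plus lodash
// itself at an assumed version (placeholder, not from the issue).
const sampleDependencies = {
  "lodash": "^4.17.20",
  "lodash.escaperegexp": "^4.1.2",
  "lodash.isboolean": "^3.0.3",
  "lodash.isequal": "^4.5.0",
  "lodash.isfunction": "^3.0.9",
  "lodash.isnil": "^4.0.0",
};

// Constructed advisory record. The "below" bound is a placeholder chosen so
// that the sample lodash version is affected; it is not a real advisory.
const advisories = [
  { name: "lodash", below: "4.17.21" },
];

// Extract the numeric major.minor.patch from a range spec such as "^4.1.2".
function parseVersion(spec) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(spec);
  if (!m) throw new Error(`cannot parse version spec: ${spec}`);
  return m.slice(1, 4).map(Number);
}

// Lexicographic compare of [major, minor, patch] arrays.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Naive prefix matching: "lodash" also matches "lodash.isequal", so the
// version of lodash.isequal (4.5.0) is compared against the lodash advisory
// bound and reported, even though lodash.isequal is a different package
// with its own release line. This reproduces the symptom in the issue.
function findingsByPrefix(deps, advs) {
  const out = [];
  for (const [pkg, spec] of Object.entries(deps)) {
    for (const adv of advs) {
      if (pkg.startsWith(adv.name) &&
          lessThan(parseVersion(spec), parseVersion(adv.below))) {
        out.push(pkg);
      }
    }
  }
  return out.sort();
}

// Exact-name matching: only the package actually named in the advisory is
// compared, so the lodash.* helpers are left alone.
function findingsByExactName(deps, advs) {
  const out = [];
  for (const [pkg, spec] of Object.entries(deps)) {
    for (const adv of advs) {
      if (pkg === adv.name &&
          lessThan(parseVersion(spec), parseVersion(adv.below))) {
        out.push(pkg);
      }
    }
  }
  return out.sort();
}

console.log("prefix match:", findingsByPrefix(sampleDependencies, advisories));
console.log("exact match: ", findingsByExactName(sampleDependencies, advisories));
```

With the constructed data, the prefix variant flags all six packages while the exact-name variant flags only lodash, which is the behaviour the issue asks for.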

Why did you skip this?

If this is a false positive or false negative:

  • How did you run the tool? Command line? Browser extension?
  • Can you provide a link to the file(s) containing the libraries?
  • Are the libraries bundled with a minifier? If so which one?

Thanks for the quick fix. Please release new features with a new release branch to avoid these issues.