SCAN.

24 third-party components scanned against the vuln database. 8 components carry transitive vulns the direct dep doesn't. 2 components license-incompatible with our distribution model.

The vulnerability isn't in your code. It's in the package you didn't import.

SS-009 · lodash · transitive via webpack TRANSITIVE

CVE-2024-29415 · 2 levels deep · no direct upgrade path.

Override transitively, audit other lodash consumers.