Closed isocroft closed 2 years ago
The dependencies are defined with ^x.y.z
, which defines semver ranges compatible with the latest versions of lodash
and debug
. You can safely update the dependencies of your project without changes in this repository.
Closing since no answer from issue reporter.
This feature request does not introduce breaking changes since the lodash version update is only on the patch version (4.17.11 -> 4.17.21). It also requests a change of version of debug@4.0.1 to debug@4.1.1 to match the version in @adonisjs/framework and @adonisjs/lucid
Why this feature is required (specific use-cases will be appreciated)?
It will mitigate the current vulnerabilities delineated by Synk depicted here for the lodash library as the deadline for maintaining the legacy version of AdonisJS 4.1 is fast approaching (31st, December, 2021).