search

angular-redux / ng-redux

Angular bindings for Redux
MIT License
1.16k stars 177 forks source link

fix: reran yarn command for repo #233

Open Kirandeepv opened 4 years ago

Kirandeepv commented 4 years ago

Background

We have ng-redux as one of our package dependencies. While working on a security issues with lodash < 4.17.13 I realized that ng-redux is bringing in lodash@4.17.13 instead of latest version inferring it from ^4.17.13

Here's how package.json specifies the dependencies:

"dependencies": {
    "babel-runtime": "^6.26.0",
    "invariant": "^2.2.2",
    "lodash": "^4.17.13"
  },

There was a change made to remove precise locking of lodash dependency in this PR but seems like the lockfile wasn't updated with that change.

Details

This PR runs yarn command for this repo and updates the dependencies.

Kirandeepv commented 4 years ago

@AntJanus Looping you here since you might have context from the above mentioned PR