Replaced individual lodash modules with main lodash library

longshotlabs / js-message-box

A package for defining and getting validation error messages, with support for Meteor Tracker reactivity

MIT License

7 stars 17 forks source link

Replaced individual lodash modules with main lodash library #10

Closed rosshadden closed 5 years ago

rosshadden commented 5 years ago

lodash.merge has a security vulnerability, and as it has not been published in over a year this is unlikely to change in the near future. This replaces the individual lodash modules with the main lodash module.

It will of course increase the module dependency size, but in practice many depend on the main lodash module, which is still their officially-recommended way of using it. So realistically little would change for most projects.

aldeed commented 5 years ago

Thanks! According to their roadmap, they are deprecating the individual packages soon anyway: https://github.com/lodash/lodash/wiki/Roadmap

aldeed commented 5 years ago

Released in 0.2.1

spencern commented 5 years ago

Thanks @aldeed!