Open sforsberg opened 2 years ago
I may actually bump a few other dependencies in particular, most oc-*
deps can likely be updated to use a minor semver ~and async
is still pulling in lodash@4.17.19
.~ (Disregard async, async@2.6.3
resolves the lodash vulnerability.)
Any objections to do that?
Bumps
lodash@^4.17.21
to patch a critical security vulnerability in the current hoisted version4.17.19
.NOTE: Uses a minor semver to allow
lodash
to be easily bumped for future minor and patch versions. If this is preferred not to be used, I can revert this to a fixed version.Resolves: #650