Bump lodash version to avoid security alerts from yarn and github
damianobarbati opened this issue · comments
It doesn’t look like babel-eslint
uses lodash
directly, so this would need to be updated in the respective package that does.
@damianobarbati may have to update your babel deps (maybe even manually remove entries from lockfile), as latest versions should all use lodash@4.17.13
Ref:
https://unpkg.com/browse/@babel/types@7.5.5/package.json
There is a handy tool called yarn-deduplicate which should help you in this case
yarn-deduplicate --packages lodash yarn.lock
Thank you for the PR. Now that @babel/eslint-parser
has been released, we are making this repository read-only. If this is a change you would still like to advocate for, please reopen this in the babel/babel monorepo.