Security alert for lodash dependancy version
KlapTrap opened this issue · comments
See https://app.snyk.io/test/npm/ngrx-store-localstorage/7.0.0 for the report.
Related issue. championswimmer/vuex-persist#114
Ideally we'd just not use lodash at all. But implementing a deep merge function is not trivial. I looked at lodash-es but it requires a lot of complicated webpack set up to get any actual benefit. Open to suggestions here.
I recommend we solve this by switching to deepmerge instead. However this would require testing and validation from the community.
@KlapTrap would you be interested in trying out the deepmerge branch and verifying it works as expected? I'd like as much review on this as possible.
@bufke Sorry for the late reply. Thanks for look into this. We've been using https://github.com/cf-stratos/ngrx-store-localstorage/tree/lodash-dep-update as a temporary work around. I'll look into switching to the deep merge branch today and get back to you asap.
Fixed in 8.0