Replace generic lodash deps with more specific lodash.x deps
#12004
Trying to run a recent expo with babel project shows quite a few audit errors related to a security issue in lodash. Example: https://www.npmjs.com/advisories/1523 affects

Now I am wondering if it would be a good idea to replace all the unspecific

babel/packages/babel-types/package.json Line 20 in eea156b

to be replaced with:

    "lodash.isplainobject": "^4.0.6",
    "lodash.isregexp": "^4.0.1"

and subsequently replace

babel/packages/babel-types/src/converters/valueToNode.js Lines 2 to 3 in eea156b

with

    import isPlainObject from "lodash.isplainobject";
    import isRegExp from "lodash.isregexp";

This way any security audit issues that come up only show if they are relevant and likely the amount of packages loaded should be reduced. Would it be a good idea to send PRs that replace all this?
Replies: 2 comments 3 replies
Was already raised.
@martinheidegger also, FWIW, the package.json you linked to from babel-types is actually out of date: https://github.com/babel/babel/blob/main/packages/babel-types/package.json#L20
Was already raised.
lodash.* packages are deprecated and gonna be removed in lodash v5. https://github.com/babel/babel/pulls?q=is%3Apr+is%3Aopen+lodash
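
Added example, not part of the original discussion or of Babel's code: a function-level view of the relevance question raised in the opening post, which needs no dependency changes. It lists which lodash functions a file's ES import statements pull in and checks them against an advisory's affected functions. The sample sources and the affected-function list are constructed, and only the imports in the given text are considered, not transitive dependencies.

```javascript
// Added example (not Babel's code). All sample inputs below are constructed.
const IMPORT_RE = /import\s+([^;]+?)\s+from\s+["']([^"']+)["']/g;

// Return the set of lodash functions (lower-cased) that a source text imports.
// "*" means the whole library is reachable (default or namespace import).
function lodashUsage(source) {
  const used = new Set();
  for (const [, clause, spec] of source.matchAll(IMPORT_RE)) {
    if (spec === "lodash") {
      const named = clause.match(/\{([^}]*)\}/);
      const rest = named ? clause.replace(named[0], "") : clause;
      // Anything besides the { ... } list is a default or namespace binding.
      if (rest.replace(/,/g, "").trim() !== "") used.add("*");
      if (named) {
        for (const part of named[1].split(",")) {
          const name = part.trim().split(/\s+as\s+/)[0];
          if (name) used.add(name.toLowerCase());
        }
      }
    } else if (spec.startsWith("lodash/") || spec.startsWith("lodash.")) {
      // Per-method path (lodash/isRegExp) or per-method package (lodash.isregexp).
      used.add(spec.slice("lodash/".length).toLowerCase());
    }
  }
  return used;
}

// True when the file can reach at least one function the advisory names.
function advisoryApplies(used, affectedFunctions) {
  if (used.has("*")) return true;
  return affectedFunctions.some((fn) => used.has(fn.toLowerCase()));
}

// Constructed sample sources.
const PER_METHOD = [
  'import isPlainObject from "lodash.isplainobject";',
  'import isRegExp from "lodash.isregexp";',
].join("\n");
const WHOLE_LIBRARY =
  'import _ from "lodash";\nimport { merge as m, clone } from "lodash";';
// Constructed list of affected functions, not taken from any real advisory.
const AFFECTED = ["merge"];

console.log([...lodashUsage(PER_METHOD)], advisoryApplies(lodashUsage(PER_METHOD), AFFECTED));
console.log([...lodashUsage(WHOLE_LIBRARY)], advisoryApplies(lodashUsage(WHOLE_LIBRARY), AFFECTED));
```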