Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(dependencies): unpin dependencies
Currently direct dependencies are pinned to specific patch versions, as a result, projects that use this repository cannot respond to transitive dependency updates, for example #210 updates lodash to address CVE‑2020-8203, however other projects need to wait for Caporal to do this and update after a new version has been published, and cannot be more proactive to address vulnerabilities in transitive dependencies.
- Loading branch information