> > Plus, with package-lock.json committed no version update would be picked up
> automatically. That's the idea behind committing it in the first place.
>
Newer versions of npm seemed to respect the caret (^) when making package-lock.json; caret seemed to show up in package-lock.json. But I may be mistaken here. I would be happy to experiment and test this sometime later today or tonight.