Merge pull request #180 from Zalk0/master

fix: security issue with lodash
nathanbuchar · Apr 11, 2024 · 71378a9 · 71378a9
2 parents 11c0f16 + 113d2ac
commit 71378a9
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 81 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -37,17 +37,11 @@
   },
   "dependencies": {
     "atomically": "^2.0.1",
-    "lodash.get": "^4.4.2",
-    "lodash.has": "^4.5.2",
-    "lodash.set": "^4.3.2",
-    "lodash.unset": "^4.5.2",
+    "lodash": "^4.17.21",
     "mkdirp": "^1.0.4"
   },
   "devDependencies": {
-    "@types/lodash.get": "^4.4.7",
-    "@types/lodash.has": "^4.5.7",
-    "@types/lodash.set": "^4.3.7",
-    "@types/lodash.unset": "^4.5.7",
+    "@types/lodash": "^4.17.0",
     "@types/mkdirp": "^1.0.2",
     "@types/mocha": "^7.0.2",
     "@types/node": "^14.18.42",

diff --git a/src/settings.ts b/src/settings.ts
@@ -6,10 +6,9 @@ import {
   writeFile as writeFileAtomic,
   writeFileSync as writeFileAtomicSync,
 } from 'atomically';
-import _get from 'lodash.get';
-import _has from 'lodash.has';
-import _set from 'lodash.set';
-import _unset from 'lodash.unset';
+import {
+  get as _get, has as _has, set as _set, unset as _unset,
+} from 'lodash';
 
 /**
  * At the basic level, a key path is the string equivalent