From 113d2ac34677805a61ae84966ce29fae0cce3c64 Mon Sep 17 00:00:00 2001 From: Zalk0 <88582103+zalk0@users.noreply.github.com> Date: Thu, 4 Apr 2024 12:09:32 +0200 Subject: [PATCH] fix: security issue with lodash switch from per method packages to main lodash package --- package-lock.json | 75 ++++------------------------------------------- package.json | 10 ++----- src/settings.ts | 7 ++--- 3 files changed, 11 insertions(+), 81 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9daf059..d5cba00 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,17 +10,11 @@ "license": "MIT", "dependencies": { "atomically": "^2.0.1", - "lodash.get": "^4.4.2", - "lodash.has": "^4.5.2", - "lodash.set": "^4.3.2", - "lodash.unset": "^4.5.2", + "lodash": "^4.17.21", "mkdirp": "^1.0.4" }, "devDependencies": { - "@types/lodash.get": "^4.4.7", - "@types/lodash.has": "^4.5.7", - "@types/lodash.set": "^4.3.7", - "@types/lodash.unset": "^4.5.7", + "@types/lodash": "^4.17.0", "@types/mkdirp": "^1.0.2", "@types/mocha": "^7.0.2", "@types/node": "^14.18.42", 
@@ -306,47 +300,11 @@ } }, "node_modules/@types/lodash": { - "version": "4.14.194", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.194.tgz", - "integrity": "sha512-r22s9tAS7imvBt2lyHC9B8AGwWnXaYb1tY09oyLkXDs4vArpYJzw09nj8MLx5VfciBPGIb+ZwG0ssYnEPJxn/g==", + "version": "4.17.0", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.0.tgz", + "integrity": "sha512-t7dhREVv6dbNj0q17X12j7yDG4bD/DHYX7o5/DbDxobP0HnGPgpRz2Ej77aL7TZT3DSw13fqUTj8J4mMnqa7WA==", "dev": true }, - "node_modules/@types/lodash.get": { - "version": "4.4.7", - "resolved": "https://registry.npmjs.org/@types/lodash.get/-/lodash.get-4.4.7.tgz", - "integrity": "sha512-af34Mj+KdDeuzsJBxc/XeTtOx0SZHZNLd+hdrn+PcKGQs0EG2TJTzQAOTCZTgDJCArahlCzLWSy8c2w59JRz7Q==", - "dev": true, - "dependencies": { - "@types/lodash": "*" - } - }, - "node_modules/@types/lodash.has": { - "version": "4.5.7", - "resolved": "https://registry.npmjs.org/@types/lodash.has/-/lodash.has-4.5.7.tgz", - "integrity": "sha512-nfbAzRbsZBdzSAkL9iiLy4SQk89uuFcXBFwZ7pf6oZhBgPvNys8BY5Twp/w8XvZKGt1o6cAa85wX4QhqO3uQ7A==", - "dev": true, - "dependencies": { - "@types/lodash": "*" - } - }, - "node_modules/@types/lodash.set": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/@types/lodash.set/-/lodash.set-4.3.7.tgz", - "integrity": "sha512-bS5Wkg/nrT82YUfkNYPSccFrNZRL+irl7Yt4iM6OTSQ0VZJED2oUIVm15NkNtUAQ8SRhCe+axqERUV6MJgkeEg==", - "dev": true, - "dependencies": { - "@types/lodash": "*" - } - }, - "node_modules/@types/lodash.unset": { - "version": "4.5.7", - "resolved": "https://registry.npmjs.org/@types/lodash.unset/-/lodash.unset-4.5.7.tgz", - "integrity": "sha512-/i371dATnLQ4tazwcX/n+rGk3M6RnMbA3lJKrKFjELicPExmZ1LcKtGfHBECuPS2TTl3yDuaFmWtmfACVuBBAQ==", - "dev": true, - "dependencies": { - "@types/lodash": "*" - } - }, "node_modules/@types/minimatch": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-5.1.2.tgz", 
@@ -3885,8 +3843,7 @@ "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "node_modules/lodash._reinterpolate": { "version": "3.0.0", @@ -3894,16 +3851,6 @@ "integrity": "sha512-xYHt68QRoYGjeeM/XOE1uJtvXQAgvszfBhjV4yvsQH0u2i9I6cI6c6/eG4Hh3UAOVn0y/xAXwmTzEay49Q//HA==", "dev": true }, - "node_modules/lodash.get": { - "version": "4.4.2", - "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", - "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==" - }, - "node_modules/lodash.has": { - "version": "4.5.2", - "resolved": "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz", - "integrity": "sha512-rnYUdIo6xRCJnQmbVFEwcxF144erlD+M3YcJUVesflU9paQaE8p+fJDcIQrlMYbxoANFL+AB9hZrzSBBk5PL+g==" - }, "node_modules/lodash.ismatch": { "version": "4.4.0", "resolved": "https://registry.npmjs.org/lodash.ismatch/-/lodash.ismatch-4.4.0.tgz", @@ -3916,11 +3863,6 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, - "node_modules/lodash.set": { - "version": "4.3.2", - "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz", - "integrity": "sha512-4hNPN5jlm/N/HLMCO43v8BXKq9Z7QdAGc/VGrRD61w8gN9g/6jF9A4L1pbUgBLCffi0w9VsXfTOij5x8iTyFvg==" - }, "node_modules/lodash.template": { "version": "4.5.0", "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-4.5.0.tgz", 
@@ -3946,11 +3888,6 @@ "integrity": "sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw==", "dev": true }, - "node_modules/lodash.unset": { - "version": "4.5.2", - "resolved": "https://registry.npmjs.org/lodash.unset/-/lodash.unset-4.5.2.tgz", - "integrity": "sha512-bwKX88k2JhCV9D1vtE8+naDKlLiGrSmf8zi/Y9ivFHwbmRfA8RxS/aVJ+sIht2XOwqoNr4xUPUkGZpc1sHFEKg==" - }, "node_modules/log-symbols": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-3.0.0.tgz", diff --git a/package.json b/package.json index 43d3076..402ae76 100644 --- a/package.json +++ b/package.json @@ -37,17 +37,11 @@ }, "dependencies": { "atomically": "^2.0.1", - "lodash.get": "^4.4.2", - "lodash.has": "^4.5.2", - "lodash.set": "^4.3.2", - "lodash.unset": "^4.5.2", + "lodash": "^4.17.21", "mkdirp": "^1.0.4" }, "devDependencies": { - "@types/lodash.get": "^4.4.7", - "@types/lodash.has": "^4.5.7", - "@types/lodash.set": "^4.3.7", - "@types/lodash.unset": "^4.5.7", + "@types/lodash": "^4.17.0", "@types/mkdirp": "^1.0.2", "@types/mocha": "^7.0.2", "@types/node": "^14.18.42", diff --git a/src/settings.ts b/src/settings.ts index 796efa2..e4b47b3 100644 --- a/src/settings.ts +++ b/src/settings.ts @@ -6,10 +6,9 @@ import { writeFile as writeFileAtomic, writeFileSync as writeFileAtomicSync, } from 'atomically'; -import _get from 'lodash.get'; -import _has from 'lodash.has'; -import _set from 'lodash.set'; -import _unset from 'lodash.unset'; +import { + get as _get, has as _has, set as _set, unset as _unset, +} from 'lodash'; /** * At the basic level, a key path is the string equivalent
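Review bot: Nothing in this change records which advisory the swap to `"lodash": "^4.17.21"` addresses. The subject says only "security issue with lodash", so a reader cannot tell which of the removed packages (`lodash.get`, `lodash.has`, `lodash.set`, `lodash.unset`) was affected or whether their own install is exposed. Naming the advisory identifier in the commit body or the changelog would fix that. If this package is published for others to depend on, their installs resolve the range in `dependencies` rather than the lockfile, so `4.17.21` should be treated as a floor and not relaxed in later edits.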
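Review bot: The named import from the package root, `import { get as _get, has as _has, set as _set, unset as _unset } from 'lodash'`, makes this module load all of lodash at runtime, where the old per-method packages loaded four functions. The per-function entry points of the same maintained package keep the fix without the extra code, e.g. `import _get from 'lodash/get';` and likewise for `has`, `set` and `unset`. The diffstat lists only package-lock.json, package.json and src/settings.ts, so no test pins the behaviour the commit is meant to fix. If the issue is prototype pollution through key paths (the message does not say), a regression test that sets a key path beginning with `__proto__` and asserts `Object.prototype` is unchanged would keep a later dependency swap from reintroducing it.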