New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps(lodash): replace lodash
per-method packages with full lodash
#13695
Conversation
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). For more information, open the CLA check for this pull request. |
We need to confirm bundle size (files in |
@@ -6,7 +6,7 @@ | |||
'use strict'; | |||
|
|||
const path = require('path'); | |||
const isDeepEqual = require('lodash.isequal'); | |||
const { isEqual: isDeepEqual } = require('lodash'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd expect this to error because lodash is only commonjs.
How did you verify these changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this should error. I didn't do any verification, since I can't seem to run tests locally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you using a supported Node version (>=14.15
)? And I'd expect many tests to fail precisely because of this error. yarn build-all && yarn unit-cli
should at least display useful messages when failing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On master
with node@14.15.1
, yarn unit-cli
fails with a bunch of these:
FAIL lighthouse-cli/test/cli/cli-flags-test.js
● CLI flags › settings are accepted from a file path
expect(received).toMatchSnapshot()
Snapshot name: `CLI flags settings are accepted from a file path 1`
- Snapshot - 1
+ Received + 1
@@ -1,7 +1,7 @@
Object {
- "$0": "node_modules/jest/bin/jest.js",
+ "$0": "node_modules/jest-worker/build/workers/processChild.js",
"_": Array [
"http://www.example.com",
],
"budget-path": "path/to/my/budget-from-config.json",
"budgetPath": "path/to/my/budget-from-config.json",
33 | }
34 |
> 35 | expect(flags).toMatchSnapshot();
| ^
36 | }
37 |
38 | describe('CLI flags', function() {
at snapshot (lighthouse-cli/test/cli/cli-flags-test.js:35:17)
at Object.<anonymous> (lighthouse-cli/test/cli/cli-flags-test.js:76:5)
@connorjclark This should be ready for re-test. |
Summary
This PR replaces
lodash
per-method packages with imports from fulllodash
. This resolves an open CVE inlodash.set
and removes the dependency on unmaintainedlodash
per-method packages. See #13694 for more information.Related Issues/PRs
Resolves #13694