Merge pull request #792 from shaunek/remediate-lodash.set-vuln

fix(): use full lodash instead of per-method pkgs
nestjs · Jan 3, 2022 · 9d56134 · 9d56134
2 parents 51070a9 + f308a20
commit 9d56134
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 58 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -9,7 +9,6 @@ module.exports = {
     'plugin:@typescript-eslint/eslint-recommended',
     'plugin:@typescript-eslint/recommended',
     'prettier',
-    'prettier/@typescript-eslint',
   ],
   root: true,
   env: {

diff --git a/lib/config.service.ts b/lib/config.service.ts
@@ -1,8 +1,6 @@
 import { Inject, Injectable, Optional } from '@nestjs/common';
 import { isUndefined } from '@nestjs/common/utils/shared.utils';
-import get from 'lodash.get';
-import has from 'lodash.has';
-import set from 'lodash.set';
+import { get, has, set } from 'lodash';
 import {
   CONFIGURATION_TOKEN,
   VALIDATED_ENV_PROPNAME,

diff --git a/lib/utils/merge-configs.util.ts b/lib/utils/merge-configs.util.ts
@@ -1,4 +1,4 @@
-import set from 'lodash.set';
+import { set } from 'lodash';
 
 export function mergeConfigObject(
   host: Record<string, any>,

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -20,9 +20,7 @@
   "dependencies": {
     "dotenv": "10.0.0",
     "dotenv-expand": "5.1.0",
-    "lodash.get": "4.4.2",
-    "lodash.has": "4.5.2",
-    "lodash.set": "4.3.2",
+    "lodash": "4.17.21",
     "uuid": "8.3.2"
   },
   "devDependencies": {
@@ -33,9 +31,7 @@
     "@nestjs/platform-express": "8.2.4",
     "@nestjs/testing": "8.2.4",
     "@types/jest": "27.4.0",
-    "@types/lodash.get": "4.4.6",
-    "@types/lodash.has": "4.5.6",
-    "@types/lodash.set": "4.3.6",
+    "@types/lodash": "4.14.178",
     "@types/node": "16.11.17",
     "@types/uuid": "8.3.3",
     "@typescript-eslint/eslint-plugin": "5.8.1",