Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(dep): migrate from lodash.set to lodash. (#2306)
Listing `lodash` as a prod dependency has a few advantages over the single func dep we were using. Primarily, when a security vulnerability is patched in LoDash, those changes don't get published to individual function libs anymore. The most recent example being the prototype pollution that was patched in 4.17.16. That particular vulnerability didn't effect Nock because of our usage, however, Nock does show up as having a vulnerability because of it which is a pain for consumers. It also creates a future problem where the next patch could affect Nock more directly. #2279 It should be noted that LoDash itself discourages the use of these single function libs: https://lodash.com/per-method-packages This changes also removes the vendor-izing of two LoDash functions in favor of using the lib directly (`isPlainObject` and `mapValues`).
- Loading branch information
1 parent
8a82b50
commit e4b0331
Showing
4 changed files
with
11 additions
and
67 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters