Skip to content

Commit 245949f

Browse files
Stephanemwboopathi
Stephanemw
authored and
boopathi
committed
chore(minify): remediate CVE-2018-3721: update lodash to latest, remove use of deprecated module packages (#918)
* chore(minify): update lodash to latest, remove use of deprecated modularised lodash packages * chore(minify): update lodash to latest, remove use of deprecated modularised lodash packages
1 parent 7667104 commit 245949f

File tree

9 files changed

+11
-21
lines changed

9 files changed

+11
-21
lines changed

packages/babel-minify/__tests__/__snapshots__/cli-tests.js.snap

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,13 +17,13 @@ exports[`babel-minify CLI should handle comments 1`] = `
1717
Array [
1818
Object {
1919
"stderr": "",
20-
"stdout": "import Foo from\\"foo\\";import pick from\\"lodash.pick\\";export const items=pick(Foo.all,[\\"a\\",\\"b\\",\\"c\\"]);export default Foo(items);",
20+
"stdout": "import Foo from\\"foo\\";import pick from\\"lodash/pick\\";export const items=pick(Foo.all,[\\"a\\",\\"b\\",\\"c\\"]);export default Foo(items);",
2121
},
2222
Object {
2323
"stderr": "",
2424
"stdout": "// comment 1
2525
import Foo from\\"foo\\";// comment 2
26-
import pick from\\"lodash.pick\\";export const items/* comment 3 */=pick(Foo.all,[// comment 4
26+
import pick from\\"lodash/pick\\";export const items/* comment 3 */=pick(Foo.all,[// comment 4
2727
\\"a\\",// comment 5
2828
\\"b\\",// comment 6
2929
\\"c\\"]);export default Foo(items);",

packages/babel-minify/__tests__/fixtures/module/mod.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
import Foo from "foo";
33

44
// comment 2
5-
import pick from "lodash.pick";
5+
import pick from "lodash/pick";
66

77
export const items /* comment 3 */ = pick(Foo.all, [
88
// comment 4

packages/babel-minify/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@
2121
"@babel/core": "^7.1.0",
2222
"babel-preset-minify": "^0.5.0",
2323
"fs-readdir-recursive": "^1.1.0",
24-
"lodash.pick": "^4.4.0",
24+
"lodash": "^4.17.11",
2525
"mkdirp": "^0.5.1",
2626
"util.promisify": "^1.0.0",
2727
"yargs-parser": "^10.0.0"

packages/babel-minify/src/cli.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ const yargsParser = require("yargs-parser");
22
const optionsParser = require("./options-parser");
33
const { version } = require("../package.json");
44
const { handleStdin, handleFile, handleArgs, isFile } = require("./fs");
5-
const pick = require("lodash.pick");
5+
const pick = require("lodash/pick");
66

77
const plugins = [
88
"booleans",

packages/babel-plugin-minify-dead-code-elimination/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,6 @@
1515
"babel-helper-evaluate-path": "^0.5.0",
1616
"babel-helper-mark-eval-scopes": "^0.4.3",
1717
"babel-helper-remove-or-void": "^0.4.3",
18-
"lodash.some": "^4.6.0"
18+
"lodash": "^4.17.11"
1919
}
2020
}

packages/babel-plugin-minify-dead-code-elimination/src/index.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
"use strict";
22

3-
const some = require("lodash.some");
3+
const some = require("lodash/some");
44
const { markEvalScopes, hasEval } = require("babel-helper-mark-eval-scopes");
55
const removeUseStrict = require("./remove-use-strict");
66
const evaluate = require("babel-helper-evaluate-path");

packages/babel-preset-minify/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,6 @@
3636
"babel-plugin-transform-remove-undefined": "^0.5.0",
3737
"babel-plugin-transform-simplify-comparison-operators": "^6.9.4",
3838
"babel-plugin-transform-undefined-to-void": "^6.9.4",
39-
"lodash.isplainobject": "^4.0.6"
39+
"lodash": "^4.17.11"
4040
}
4141
}

packages/babel-preset-minify/src/index.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
const isPlainObject = require("lodash.isplainobject");
1+
const isPlainObject = require("lodash/isPlainObject");
22

33
// the flat plugin map
44
// This is to prevent dynamic requires - require('babel-plugin-' + name);

yarn.lock

Lines changed: 2 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -5719,7 +5719,7 @@ lodash.isfunction@^3.0.8:
57195719
resolved "https://registry.yarnpkg.com/lodash.isfunction/-/lodash.isfunction-3.0.8.tgz#4db709fc81bc4a8fd7127a458a5346c5cdce2c6b"
57205720
integrity sha1-TbcJ/IG8So/XEnpFilNGxc3OLGs=
57215721

5722-
lodash.isplainobject@^4.0.4, lodash.isplainobject@^4.0.6:
5722+
lodash.isplainobject@^4.0.4:
57235723
version "4.0.6"
57245724
resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
57255725
integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=
@@ -5734,16 +5734,6 @@ lodash.mapvalues@^4.4.0:
57345734
resolved "https://registry.yarnpkg.com/lodash.mapvalues/-/lodash.mapvalues-4.6.0.tgz#1bafa5005de9dd6f4f26668c30ca37230cc9689c"
57355735
integrity sha1-G6+lAF3p3W9PJmaMMMo3IwzJaJw=
57365736

5737-
lodash.pick@^4.4.0:
5738-
version "4.4.0"
5739-
resolved "https://registry.yarnpkg.com/lodash.pick/-/lodash.pick-4.4.0.tgz#52f05610fff9ded422611441ed1fc123a03001b3"
5740-
integrity sha1-UvBWEP/53tQiYRRB7R/BI6AwAbM=
5741-
5742-
lodash.some@^4.6.0:
5743-
version "4.6.0"
5744-
resolved "https://registry.yarnpkg.com/lodash.some/-/lodash.some-4.6.0.tgz#1bb9f314ef6b8baded13b549169b2a945eb68e4d"
5745-
integrity sha1-G7nzFO9ri63tE7VJFpsqlF62jk0=
5746-
57475737
lodash.sortby@^4.5.0, lodash.sortby@^4.7.0:
57485738
version "4.7.0"
57495739
resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
@@ -5769,7 +5759,7 @@ lodash@^4.13.1, lodash@^4.14.0, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.2.1:
57695759
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae"
57705760
integrity sha1-eCA6TRwyiuHYbcpkYONptX9AVa4=
57715761

5772-
lodash@^4.17.10:
5762+
lodash@^4.17.10, lodash@^4.17.11:
57735763
version "4.17.11"
57745764
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
57755765
integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==

0 commit comments

Comments
 (0)