fix: remove deprecated lodash per-method packages for vulnerability…
… fixes (#78)

* Remove lodash per-method packages, which are discouraged, deprecated, and have reported vulnerabilities: https://lodash.com/per-method-packages

* Revert "Remove lodash per-method packages, which are discouraged, deprecated, and have reported vulnerabilities: https://lodash.com/per-method-packages"

This reverts commit fb59ae9.

* Replace lodash per-method packages imports with lodash direct imports
EmilianoSanchez authored Nov 12, 2024
1 parent 64de3f5 commit 17777ca
Showing 7 changed files with 17 additions and 110 deletions.
12 changes: 1 addition & 11 deletions package.json
Expand Up @@ -50,10 +50,6 @@
"@eslint/compat": "^1.2.2",
"@types/cuint": "^0.2.X",
"@types/lodash": "^4.17.13",
"@types/lodash.eq": "^4.0.9",
"@types/lodash.indexof": "^4.0.9",
"@types/lodash.random": "^3.2.9",
"@types/lodash.sortedindexby": "^4.6.9",
"@types/node": "^22.9.0",
"@types/xxhashjs": "^0.2.X",
"@typescript-eslint/eslint-plugin": "^8.13.0",
Expand All @@ -64,9 +60,6 @@
"eslint-plugin-node": "^11.1.0",
"eslint-plugin-prettier": "^5.2.1",
"globals": "^15.12.0",
"lodash.intersection": "^4.4.0",
"lodash.range": "^3.2.0",
"lodash.union": "^4.6.0",
"mocha": "^10.8.2",
"prettier": "^3.3.3",
"random": "5.1.1",
Expand All @@ -82,10 +75,7 @@
"@types/seedrandom": "3.0.8",
"base64-arraybuffer": "^1.0.2",
"is-buffer": "^2.0.5",
"lodash.eq": "4.0.0",
"lodash.indexof": "4.0.5",
"lodash.random": "3.2.0",
"lodash.sortedindexby": "4.6.0",
"lodash": "4.17.21",
"long": "^5.2.0",
"reflect-metadata": "^0.2.2",
"seedrandom": "^3.0.5",
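Review bot: The new `"lodash": "4.17.21"` entry in the third hunk is an exact pin, so consumers of this package cannot pick up a patched lodash release until this package publishes again, and they may end up with a second lodash copy in their tree. The enclosing key is outside the hunk, so this assumes the entry sits under `dependencies`; if it does, `"lodash": "^4.17.21"` leaves downstream free to update while yarn.lock still fixes the version used to build and test here. The removed per-method entries in the same hunk were pinned the same way, so the pin may be deliberate, in which case a sentence in the README or changelog stating the reason would help.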
4 changes: 2 additions & 2 deletions src/cuckoo/bucket.ts
Expand Up @@ -22,8 +22,8 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/

import eq from 'lodash.eq'
import indexOf from 'lodash.indexof'
import eq from 'lodash/eq'
import indexOf from 'lodash/indexof'

Check failure on line 26 in src/cuckoo/bucket.ts

GitHub Actions / ubuntu_build (20)

Cannot find module 'lodash/indexof' or its corresponding type declarations.

Check failure on line 26 in src/cuckoo/bucket.ts

GitHub Actions / Analyze (javascript, 20)

Cannot find module 'lodash/indexof' or its corresponding type declarations.

Check failure on line 26 in src/cuckoo/bucket.ts

GitHub Actions / ubuntu_build (22)

Cannot find module 'lodash/indexof' or its corresponding type declarations.

Check failure on line 26 in src/cuckoo/bucket.ts

GitHub Actions / ubuntu_build (23)

Cannot find module 'lodash/indexof' or its corresponding type declarations.
import * as utils from '../utils'
import {Exportable} from '../exportable'
import {cloneObject} from '../exportable'
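Review bot: The new specifier `lodash/indexof` does not match the module file lodash ships, which is camel-cased like the function name, so it cannot be resolved on a case-sensitive file system or against the type declarations; this is consistent with the failed checks shown for line 26. The line should read `import indexOf from 'lodash/indexOf'`. The same defect is in src/sketch/topk.ts, where `lodash/sortedindexby` should be `import sortedIndexBy from 'lodash/sortedIndexBy'`. A build on a case-insensitive file system may have hidden both, so the corrected imports are worth confirming on the Linux CI jobs.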
2 changes: 1 addition & 1 deletion src/sketch/min-hash-factory.ts
Expand Up @@ -23,7 +23,7 @@ SOFTWARE.
*/

import {HashFunction, MinHash} from './min-hash'
import random from 'lodash.random'
import random from 'lodash/random'

/**
* Test if a number is a prime number
2 changes: 1 addition & 1 deletion src/sketch/topk.ts
Expand Up @@ -25,7 +25,7 @@ SOFTWARE.
import BaseFilter from '../base-filter'
import CountMinSketch from './count-min-sketch'
import {AutoExportable, Field, Parameter} from '../exportable'
import sortedIndexBy from 'lodash.sortedindexby'
import sortedIndexBy from 'lodash/sortedindexby'

Check failure on line 28 in src/sketch/topk.ts

GitHub Actions / ubuntu_build (20)

Cannot find module 'lodash/sortedindexby' or its corresponding type declarations.

Check failure on line 28 in src/sketch/topk.ts

GitHub Actions / Analyze (javascript, 20)

Cannot find module 'lodash/sortedindexby' or its corresponding type declarations.

Check failure on line 28 in src/sketch/topk.ts

GitHub Actions / ubuntu_build (22)

Cannot find module 'lodash/sortedindexby' or its corresponding type declarations.

Check failure on line 28 in src/sketch/topk.ts

GitHub Actions / ubuntu_build (23)

Cannot find module 'lodash/sortedindexby' or its corresponding type declarations.

/**
* An element in a MinHeap
6 changes: 3 additions & 3 deletions test/min-hash-test.js
Expand Up @@ -25,9 +25,9 @@ SOFTWARE.
require('chai').should()
const {describe, it} = require('mocha')
const {MinHashFactory, MinHash} = require('../dist/api.js')
const range = require('lodash.range')
const intersection = require('lodash.intersection')
const union = require('lodash.union')
const range = require('lodash/range')
const intersection = require('lodash/intersection')
const union = require('lodash/union')

// Compute the exact Jaccard similairty between two sets
function jaccard(a, b) {
2 changes: 1 addition & 1 deletion test/utils-test.js
Expand Up @@ -33,7 +33,7 @@ const {
} = require('../dist/utils')
const {BloomFilter, BaseFilter} = require('../dist/api.js')
const XXH = require('xxhashjs')
const range = require('lodash.range')
const range = require('lodash/range')
const seed = getDefaultSeed()
const {Hashing} = require('../dist/api')

99 changes: 8 additions & 91 deletions yarn.lock
Expand Up @@ -195,35 +195,7 @@
resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841"
integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==

"@types/lodash.eq@^4.0.9":
version "4.0.9"
resolved "https://registry.yarnpkg.com/@types/lodash.eq/-/lodash.eq-4.0.9.tgz#80e719f6e62889a85cc4c9ea11fbac88077c4ac0"
integrity sha512-YsUnrAJsoBnA8Zg/ACUTjgZyrtfWDSPwwnSPc85a55sQu4sJFXguhp37kJQDvpiTspnckKmzs7SoK2ySTexuxg==
dependencies:
"@types/lodash" "*"

"@types/lodash.indexof@^4.0.9":
version "4.0.9"
resolved "https://registry.yarnpkg.com/@types/lodash.indexof/-/lodash.indexof-4.0.9.tgz#24593e6c0ac85913066f38e236c3a086e528cfe2"
integrity sha512-Zzjr175BKqZpQxCYtSMcTjEBb8l4fZxeCD9QnMJsnyFSgV1vDMJYRmAAlkegyuF/RM4iMNRlwIT6W2bbqK54FQ==
dependencies:
"@types/lodash" "*"

"@types/lodash.random@^3.2.9":
version "3.2.9"
resolved "https://registry.yarnpkg.com/@types/lodash.random/-/lodash.random-3.2.9.tgz#5134b838d54b565cb0b7453a0938d3033028f3d1"
integrity sha512-tIkVWoiBVVguQG5lpTErD9tOADYA5A1V6Ie0WgG/cVNN9jIJIlXCTS0FCcurV+OBnu7uJBpNKgA9gx3eYUj19Q==
dependencies:
"@types/lodash" "*"

"@types/lodash.sortedindexby@^4.6.9":
version "4.6.9"
resolved "https://registry.yarnpkg.com/@types/lodash.sortedindexby/-/lodash.sortedindexby-4.6.9.tgz#21b47d17633c953fe468db316cbbac44adf079b7"
integrity sha512-W5qRpxPPrpkBsucCHdQ1/9OzQEKG4O5gH4PfJXLTwVRdOJhs6qZ4HIGOxAUD3rvaLg0MCKcmeFj/5XRVEKyQMw==
dependencies:
"@types/lodash" "*"

"@types/lodash@*", "@types/lodash@^4.17.13":
"@types/lodash@^4.17.13":
version "4.17.13"
resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.17.13.tgz#786e2d67cfd95e32862143abe7463a7f90c300eb"
integrity sha512-lfx+dftrEZcdBPczf9d0Qv0x+j/rfNCMuC6OcfXmO8gkfeNAY88PgKUbvG56whcN23gc27yenwF6oJZXGFpYxg==
Expand Down Expand Up @@ -1098,45 +1070,15 @@ locate-path@^6.0.0:
dependencies:
p-locate "^5.0.0"

[email protected]:
version "4.0.0"
resolved "https://registry.yarnpkg.com/lodash.eq/-/lodash.eq-4.0.0.tgz#a39f06779e72f9c0d1f310c90cd292c1661d5035"
integrity sha512-vbrJpXL6kQNG6TkInxX12DZRfuYVllSxhwYqjYB78g2zF3UI15nFO/0AgmZnZRnaQ38sZtjCiVjGr2rnKt4v0g==

[email protected]:
version "4.0.5"
resolved "https://registry.yarnpkg.com/lodash.indexof/-/lodash.indexof-4.0.5.tgz#53714adc2cddd6ed87638f893aa9b6c24e31ef3c"
integrity sha512-t9wLWMQsawdVmf6/IcAgVGqAJkNzYVcn4BHYZKTPW//l7N5Oq7Bq138BaVk19agcsPZePcidSgTTw4NqS1nUAw==

lodash.intersection@^4.4.0:
version "4.4.0"
resolved "https://registry.yarnpkg.com/lodash.intersection/-/lodash.intersection-4.4.0.tgz#0a11ba631d0e95c23c7f2f4cbb9a692ed178e705"
integrity sha512-N+L0cCfnqMv6mxXtSPeKt+IavbOBBSiAEkKyLasZ8BVcP9YXQgxLO12oPR8OyURwKV8l5vJKiE1M8aS70heuMg==

lodash.merge@^4.6.2:
version "4.6.2"
resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==

[email protected]:
version "3.2.0"
resolved "https://registry.yarnpkg.com/lodash.random/-/lodash.random-3.2.0.tgz#96e24e763333199130d2c9e2fd57f91703cc262d"
integrity sha512-A6Vn7teN0+qSnhOsE8yx2bGowCS1G7D9e5abq8VhwOP98YHS/KrGMf43yYxA05lvcvloT+W9Z2ffkSajFTcPUA==

lodash.range@^3.2.0:
version "3.2.0"
resolved "https://registry.yarnpkg.com/lodash.range/-/lodash.range-3.2.0.tgz#f461e588f66683f7eadeade513e38a69a565a15d"
integrity sha512-Fgkb7SinmuzqgIhNhAElo0BL/R1rHCnhwSZf78omqSwvWqD0kD2ssOAutQonDKH/ldS8BxA72ORYI09qAY9CYg==

[email protected]:
version "4.6.0"
resolved "https://registry.yarnpkg.com/lodash.sortedindexby/-/lodash.sortedindexby-4.6.0.tgz#46f198fbdfbcd09c6fd4c177d37cda3cc652d9f9"
integrity sha512-GF/PMlfsOliNvwf5E0x6VAOcSd7O/rOlfWdt1zBmkylbpsHnuM2afos6aYrnkIWUvAQWfsPH/kQdocMf5fPtPw==

lodash.union@^4.6.0:
version "4.6.0"
resolved "https://registry.yarnpkg.com/lodash.union/-/lodash.union-4.6.0.tgz#48bb5088409f16f1821666641c44dd1aaae3cd88"
integrity sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw==
[email protected]:
version "4.17.21"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==

log-symbols@^4.1.0:
version "4.1.0"
Expand Down Expand Up @@ -1568,16 +1510,7 @@ space-separated-tokens@^2.0.0:
resolved "https://registry.yarnpkg.com/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz#1ecd9d2350a3844572c3f4a312bceb018348859f"
integrity sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==

"string-width-cjs@npm:string-width@^4.2.0":
version "4.2.3"
resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
dependencies:
emoji-regex "^8.0.0"
is-fullwidth-code-point "^3.0.0"
strip-ansi "^6.0.1"

string-width@^4.1.0, string-width@^4.2.0:
"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0:
version "4.2.3"
resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010"
integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
Expand All @@ -1603,14 +1536,7 @@ stringify-entities@^4.0.0:
character-entities-html4 "^2.0.0"
character-entities-legacy "^3.0.0"

"strip-ansi-cjs@npm:strip-ansi@^6.0.1":
version "6.0.1"
resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
dependencies:
ansi-regex "^5.0.1"

strip-ansi@^6.0.0, strip-ansi@^6.0.1:
"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1:
version "6.0.1"
resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9"
integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
Expand Down Expand Up @@ -1804,16 +1730,7 @@ workerpool@^6.5.1:
resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.5.1.tgz#060f73b39d0caf97c6db64da004cd01b4c099544"
integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA==

"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0":
version "7.0.0"
resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
dependencies:
ansi-styles "^4.0.0"
string-width "^4.1.0"
strip-ansi "^6.0.0"

wrap-ansi@^7.0.0:
"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0:
version "7.0.0"
resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43"
integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==