fix: remove deprecated lodash
per-method packages for vulnerability fixes
#78
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Removed
lodash
per-method packages, likelodash.eq
andlodash.indexOf
, which are discouraged, deprecated, and a source of potential security vulnerabilities: https://lodash.com/per-method-packages (Examples of reported vulnerabilities inlodash
per-method packages: Wrong version in lodash.pick vulnerability report CVE-2020-8203 lodash/lodash#5809, Please republish lodash.forin lodash/lodash#5808).Replaced the import of
lodash
per-method packages with direct imports, as suggested here.