chore: fix lodash vulnerability - Githubissues

antoine-coulon / skott

All-in-one devtool to automatically analyze, search and visualize project modules and dependencies from JavaScript, TypeScript (JSX/TSX) and Node.js (ES6, CommonJS)

MIT License

643 stars 25 forks source link

chore: fix lodash vulnerability #138

Closed pedrolamas closed 7 months ago

pedrolamas commented 7 months ago

Summary

This solves a known high security vulnerability caused by lodash.set.

Fixes #137

Implementation

Replaces all lodash.* dependencies with lodash-es that allows for easy tree-shaking.

Testing

[ ] Unit tests were added to cover the new feature or bug fix (+ eventually integration tests)

Impacted documentation

[X] Changesets were generated using pnpm changeset at the root of the workspace, affected packages are being bumped (either patch/minor) and a clear description for each of the affected packages was added.

antoine-coulon commented 7 months ago

Thanks for solving that issue with such a quick fix @pedrolamas!