v3.x fix: remove deprecated lodash per-method packages for vulnerabil…

…ity fixes (#80) * Remove lodash per-method packages, which are discouraged, deprecated, and have reported vulnerabilities: https://lodash.com/per-method-packages * update lodash and @types/lodash packages to latest * update lodash imports to direct module imports * update eslint config
Callidon · Nov 21, 2024 · 4b67470 · 4b67470
1 parent 2e2dfa7
commit 4b67470
Show file tree

Hide file tree

Showing 7 changed files with 14 additions and 38 deletions.
diff --git a/package.json b/package.json
@@ -48,9 +48,7 @@
   "homepage": "https://github.com/Callidon/bloom-filters#readme",
   "devDependencies": {
     "@types/cuint": "^0.2.X",
-    "@types/lodash": "^4.14.X",
-    "@types/lodash.eq": "^4.0.X",
-    "@types/lodash.indexof": "^4.0.X",
+    "@types/lodash": "^4.17.13",
     "@types/node": "^17.0.17",
     "@types/xxhashjs": "^0.2.X",
     "@typescript-eslint/eslint-plugin": "^5.11.0",
@@ -72,9 +70,7 @@
     "@types/seedrandom": "^3.0.8",
     "base64-arraybuffer": "^1.0.2",
     "is-buffer": "^2.0.5",
-    "lodash": "^4.17.15",
-    "lodash.eq": "^4.0.0",
-    "lodash.indexof": "^4.0.5",
+    "lodash": "^4.17.21",
     "long": "^5.2.0",
     "reflect-metadata": "^0.1.13",
     "seedrandom": "^3.0.5",
@@ -120,7 +116,8 @@
           "./src"
         ],
         "tryExtensions": [
-          ".ts"
+          ".ts",
+          ".js"
         ]
       }
     },

diff --git a/src/cuckoo/bucket.ts b/src/cuckoo/bucket.ts
@@ -22,7 +22,8 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 */
 
-import {eq, indexOf} from 'lodash'
+import eq from 'lodash/eq'
+import indexOf from 'lodash/indexOf'
 import * as utils from '../utils'
 import {Exportable} from '../exportable'
 import {cloneObject} from '../exportable'

diff --git a/src/sketch/min-hash-factory.ts b/src/sketch/min-hash-factory.ts
@@ -23,7 +23,7 @@ SOFTWARE.
 */
 
 import {HashFunction, MinHash} from './min-hash'
-import {random} from 'lodash'
+import random from 'lodash/random'
 
 /**
  * Test if a number is a prime number

diff --git a/src/sketch/topk.ts b/src/sketch/topk.ts
@@ -25,7 +25,7 @@ SOFTWARE.
 import BaseFilter from '../base-filter'
 import CountMinSketch from './count-min-sketch'
 import {AutoExportable, Field, Parameter} from '../exportable'
-import {sortedIndexBy} from 'lodash'
+import sortedIndexBy from 'lodash/sortedIndexBy'
 
 /**
  * An element in a MinHeap

diff --git a/test/min-hash-test.js b/test/min-hash-test.js
@@ -24,7 +24,9 @@ SOFTWARE.
 
 require('chai').should()
 const {MinHashFactory, MinHash} = require('../dist/api.js')
-const {range, intersection, union} = require('lodash')
+const range = require('lodash/range')
+const intersection = require('lodash/intersection')
+const union = require('lodash/union')
 
 // Compute the exact Jaccard similairty between two sets
 function jaccard(a, b) {

diff --git a/test/utils-test.js b/test/utils-test.js
@@ -32,7 +32,7 @@ const {
 } = require('../dist/utils')
 const {BloomFilter, BaseFilter} = require('../dist/api.js')
 const XXH = require('xxhashjs')
-const {range} = require('lodash')
+const range = require('lodash/range')
 const seed = getDefaultSeed()
 const {Hashing} = require('../dist/api')
 

diff --git a/yarn.lock b/yarn.lock
@@ -84,21 +84,7 @@
   resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841"
   integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==
 
-"@types/lodash.eq@^4.0.X":
-  version "4.0.9"
-  resolved "https://registry.yarnpkg.com/@types/lodash.eq/-/lodash.eq-4.0.9.tgz#80e719f6e62889a85cc4c9ea11fbac88077c4ac0"
-  integrity sha512-YsUnrAJsoBnA8Zg/ACUTjgZyrtfWDSPwwnSPc85a55sQu4sJFXguhp37kJQDvpiTspnckKmzs7SoK2ySTexuxg==
-  dependencies:
-    "@types/lodash" "*"
-
-"@types/lodash.indexof@^4.0.X":
-  version "4.0.9"
-  resolved "https://registry.yarnpkg.com/@types/lodash.indexof/-/lodash.indexof-4.0.9.tgz#24593e6c0ac85913066f38e236c3a086e528cfe2"
-  integrity sha512-Zzjr175BKqZpQxCYtSMcTjEBb8l4fZxeCD9QnMJsnyFSgV1vDMJYRmAAlkegyuF/RM4iMNRlwIT6W2bbqK54FQ==
-  dependencies:
-    "@types/lodash" "*"
-
-"@types/lodash@*", "@types/lodash@^4.14.X":
+"@types/lodash@^4.17.13":
   version "4.17.13"
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.17.13.tgz#786e2d67cfd95e32862143abe7463a7f90c300eb"
   integrity sha512-lfx+dftrEZcdBPczf9d0Qv0x+j/rfNCMuC6OcfXmO8gkfeNAY88PgKUbvG56whcN23gc27yenwF6oJZXGFpYxg==
@@ -973,22 +959,12 @@ locate-path@^6.0.0:
   dependencies:
     p-locate "^5.0.0"
 
-lodash.eq@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/lodash.eq/-/lodash.eq-4.0.0.tgz#a39f06779e72f9c0d1f310c90cd292c1661d5035"
-  integrity sha512-vbrJpXL6kQNG6TkInxX12DZRfuYVllSxhwYqjYB78g2zF3UI15nFO/0AgmZnZRnaQ38sZtjCiVjGr2rnKt4v0g==
-
-lodash.indexof@^4.0.5:
-  version "4.0.5"
-  resolved "https://registry.yarnpkg.com/lodash.indexof/-/lodash.indexof-4.0.5.tgz#53714adc2cddd6ed87638f893aa9b6c24e31ef3c"
-  integrity sha512-t9wLWMQsawdVmf6/IcAgVGqAJkNzYVcn4BHYZKTPW//l7N5Oq7Bq138BaVk19agcsPZePcidSgTTw4NqS1nUAw==
-
 lodash.merge@^4.6.2:
   version "4.6.2"
   resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a"
   integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==
 
-lodash@^4.17.15:
+lodash@^4.17.21:
   version "4.17.21"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c"
   integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==