client: Replace lodash.pick with lodash-es

The former has not been updated for a while, and contains a prototype pollutioon vulnerability: GHSA-p6mc-m468-83gw We were not affected since we supply the properties ourselves but this will rid of the `npm audit` complaining. Also, the per-method lodash packages are discouraged so this will make the code more future proof: https://lodash.com/per-method-packages
fossar · Apr 6, 2024 · cc629a1 · cc629a1
1 parent cfe1536
commit cc629a1
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/client/js/templates/Source.jsx b/client/js/templates/Source.jsx
@@ -13,7 +13,7 @@ import PropTypes from 'prop-types';
 import nullable from 'prop-types-nullable';
 import { unescape } from 'html-escaper';
 import classNames from 'classnames';
-import pick from 'lodash.pick';
+import { pick } from 'lodash-es';
 import SourceParam from './SourceParam';
 import { Spinner } from './Spinner';
 import * as sourceRequests from '../requests/sources';

diff --git a/client/package-lock.json b/client/package-lock.json
diff --git a/client/package.json b/client/package.json
@@ -15,7 +15,7 @@
     "focus-trap": "^7.0.0",
     "form-urlencoded": "^6.0.0",
     "html-escaper": "^3.0.0",
-    "lodash.pick": "^4.4.0",
+    "lodash-es": "^4.17.21",
     "prop-types": "^15.7.2",
     "prop-types-nullable": "^1.0.1",
     "ramda": "^0.29.0",