From c43f58427227e6a7fbaa95420a72ca9018839b87 Mon Sep 17 00:00:00 2001 From: Robert Stein Date: Wed, 20 Feb 2019 16:32:11 +0100 Subject: [PATCH] fix: remove vulnerable dependency combine-lists (#3273) Remove `combine-lists` as a dependency. Use `_.union` instead now. Fixes #3265 --- lib/preprocessor.js | 6 +++--- package.json | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/preprocessor.js b/lib/preprocessor.js index a75eb7303..079821419 100644 --- a/lib/preprocessor.js +++ b/lib/preprocessor.js @@ -3,7 +3,7 @@ const fs = require('graceful-fs') const mm = require('minimatch') const isBinaryFile = require('isbinaryfile') -const combineLists = require('combine-lists') +const _ = require('lodash') const CryptoUtils = require('./utils/crypto-utils') const log = require('./logger').create('preprocess') @@ -63,7 +63,7 @@ function createPreprocessor (config, basePath, injector) { let allPreprocessors = [] patterns.forEach((pattern) => { - allPreprocessors = combineLists(allPreprocessors, config[pattern]) + allPreprocessors = _.union(allPreprocessors, config[pattern]) }) allPreprocessors.forEach(instantiatePreprocessor) @@ -92,7 +92,7 @@ function createPreprocessor (config, basePath, injector) { let preprocessorNames = [] patterns.forEach((pattern) => { if (mm(file.originalPath, pattern, {dot: true})) { - preprocessorNames = combineLists(preprocessorNames, config[pattern]) + preprocessorNames = _.union(preprocessorNames, config[pattern]) } }) diff --git a/package.json b/package.json index b8df0052b..f95dc5225 100644 --- a/package.json +++ b/package.json @@ -383,7 +383,6 @@ "braces": "^2.3.2", "chokidar": "^2.0.3", "colors": "^1.1.0", - "combine-lists": "^1.0.0", "connect": "^3.6.0", "core-js": "^2.2.0", "di": "^0.0.1", @@ -393,7 +392,7 @@ "graceful-fs": "^4.1.2", "http-proxy": "^1.13.0", "isbinaryfile": "^3.0.0", - "lodash": "^4.17.5", + "lodash": "^4.17.11", "log4js": "^4.0.0", "mime": "^2.3.1", "minimatch": "^3.0.2",