Skip to content

Commit

Permalink
fix: remove vulnerable dependency combine-lists (#3273)
Browse files Browse the repository at this point in the history
Remove `combine-lists` as a dependency. Use `_.union` instead now.

Fixes #3265
  • Loading branch information
SteinRobert authored and johnjbarton committed Feb 20, 2019
1 parent 4ec4f6f commit c43f584
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 5 deletions.
6 changes: 3 additions & 3 deletions lib/preprocessor.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
const fs = require('graceful-fs')
const mm = require('minimatch')
const isBinaryFile = require('isbinaryfile')
const combineLists = require('combine-lists')
const _ = require('lodash')
const CryptoUtils = require('./utils/crypto-utils')

const log = require('./logger').create('preprocess')
Expand Down Expand Up @@ -63,7 +63,7 @@ function createPreprocessor (config, basePath, injector) {

let allPreprocessors = []
patterns.forEach((pattern) => {
allPreprocessors = combineLists(allPreprocessors, config[pattern])
allPreprocessors = _.union(allPreprocessors, config[pattern])
})
allPreprocessors.forEach(instantiatePreprocessor)

Expand Down Expand Up @@ -92,7 +92,7 @@ function createPreprocessor (config, basePath, injector) {
let preprocessorNames = []
patterns.forEach((pattern) => {
if (mm(file.originalPath, pattern, {dot: true})) {
preprocessorNames = combineLists(preprocessorNames, config[pattern])
preprocessorNames = _.union(preprocessorNames, config[pattern])
}
})

Expand Down
3 changes: 1 addition & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -383,7 +383,6 @@
"braces": "^2.3.2",
"chokidar": "^2.0.3",
"colors": "^1.1.0",
"combine-lists": "^1.0.0",
"connect": "^3.6.0",
"core-js": "^2.2.0",
"di": "^0.0.1",
Expand All @@ -393,7 +392,7 @@
"graceful-fs": "^4.1.2",
"http-proxy": "^1.13.0",
"isbinaryfile": "^3.0.0",
"lodash": "^4.17.5",
"lodash": "^4.17.11",
"log4js": "^4.0.0",
"mime": "^2.3.1",
"minimatch": "^3.0.2",
Expand Down

0 comments on commit c43f584

Please sign in to comment.