bug(commitlint): update lodash to 4.17.11 to fix vulenrabilities

Author: kzmv

@commitlint/cli/package.json

@@ -82,8 +82,7 @@
     "babel-polyfill": "6.26.0",
     "chalk": "2.3.1",
     "get-stdin": "5.0.1",
-    "lodash.merge": "4.6.1",
-    "lodash.pick": "4.4.0",
+    "lodash": "^4.17.11",
     "meow": "5.0.0",
     "resolve-from": "^4.0.0",
     "resolve-global": "^0.1.0"

@commitlint/cli/src/cli.js

@@ -5,8 +5,8 @@ const load = require('@commitlint/load');
 const lint = require('@commitlint/lint');
 const read = require('@commitlint/read');
 const meow = require('meow');
-const merge = require('lodash.merge');
-const pick = require('lodash.pick');
+const merge = require('lodash/merge');
+const pick = require('lodash/pick');
 const stdin = require('get-stdin');
 const resolveFrom = require('resolve-from');
 const resolveGlobal = require('resolve-global');

@commitlint/cli/src/cli.test.js

@@ -2,7 +2,7 @@ import path from 'path';
 import {fix, git} from '@commitlint/test';
 import test from 'ava';
 import execa from 'execa';
-import merge from 'lodash.merge';
+import merge from 'lodash/merge';
 import * as sander from 'sander';
 import stream from 'string-to-stream';
 
@@ -264,17 +264,27 @@ test('should fail for invalid formatters from flags', async t => {
 });
 
 test('should work with absolute formatter path', async t => {
-	const formatterPath = path.resolve(__dirname, '../fixtures/custom-formatter/formatters/custom.js');
+	const formatterPath = path.resolve(
+		__dirname,
+		'../fixtures/custom-formatter/formatters/custom.js'
+	);
 	const cwd = await git.bootstrap('fixtures/custom-formatter');
-	const actual = await cli(['--format', formatterPath], {cwd})('test: this should work');
+	const actual = await cli(['--format', formatterPath], {cwd})(
+		'test: this should work'
+	);
 
 	t.true(actual.stdout.includes('custom-formatter-ok'));
 	t.is(actual.code, 0);
 });
 
 test('should work with relative formatter path', async t => {
-	const cwd = path.resolve(await git.bootstrap('fixtures/custom-formatter'), './formatters');
-	const actual = await cli(['--format', './custom.js'], {cwd})('test: this should work');
+	const cwd = path.resolve(
+		await git.bootstrap('fixtures/custom-formatter'),
+		'./formatters'
+	);
+	const actual = await cli(['--format', './custom.js'], {cwd})(
+		'test: this should work'
+	);
 
 	t.true(actual.stdout.includes('custom-formatter-ok'));
 	t.is(actual.code, 0);

@commitlint/config-patternplate/index.js

@@ -1,6 +1,6 @@
 const path = require('path');
 const globby = require('globby');
-const merge = require('lodash.merge');
+const merge = require('lodash/merge');
 
 function pathToId(root, filePath) {
 	const relativePath = path.relative(root, filePath);

@commitlint/config-patternplate/package.json

@@ -33,7 +33,7 @@
   "dependencies": {
     "@commitlint/config-angular": "^7.1.2",
     "globby": "8.0.1",
-    "lodash.merge": "4.6.1"
+    "lodash": "4.17.11"
   },
   "devDependencies": {
     "@commitlint/utils": "^7.1.2",

@commitlint/ensure/package.json

@@ -68,15 +68,10 @@
     "concurrently": "3.5.1",
     "cross-env": "5.1.1",
     "globby": "8.0.1",
-    "lodash.values": "4.3.0",
     "rimraf": "2.6.1",
     "xo": "0.20.3"
   },
   "dependencies": {
-    "lodash.camelcase": "4.3.0",
-    "lodash.kebabcase": "4.1.1",
-    "lodash.snakecase": "4.1.1",
-    "lodash.startcase": "4.4.0",
-    "lodash.upperfirst": "4.3.1"
+    "lodash": "^4.17.11"
   }
 }

@commitlint/ensure/src/case.js

@@ -1,8 +1,8 @@
-import camelCase from 'lodash.camelcase';
-import kebabCase from 'lodash.kebabcase';
-import snakeCase from 'lodash.snakecase';
-import upperFirst from 'lodash.upperfirst';
-import startCase from 'lodash.startcase';
+import camelCase from 'lodash/camelcase';
+import kebabCase from 'lodash/kebabcase';
+import snakeCase from 'lodash/snakecase';
+import upperFirst from 'lodash/upperfirst';
+import startCase from 'lodash/startcase';
 
 export default ensureCase;
 

@commitlint/ensure/src/index.test.js

@@ -1,8 +1,8 @@
 import path from 'path';
 import test from 'ava';
 import globby from 'globby';
-import camelCase from 'lodash.camelcase';
-import values from 'lodash.values';
+import camelCase from 'lodash/camelcase';
+import values from 'lodash/values';
 import * as ensure from '.';
 
 test('exports all rules', async t => {

@commitlint/format/package.json

@@ -73,6 +73,7 @@
   },
   "dependencies": {
     "babel-runtime": "^6.23.0",
-    "chalk": "^2.0.1"
+    "chalk": "^2.0.1",
+    "lodash": "^4.17.11"
   }
 }

@commitlint/format/src/index.test.js

@@ -1,6 +1,6 @@
 import test from 'ava';
 import chalk from 'chalk';
-import includes from 'lodash.includes';
+import includes from 'lodash/includes';
 import format from '.';
 
 const ok = chalk.bold(`${chalk.green('✔')}   found 0 problems, 0 warnings`);

@commitlint/lint/package.json

@@ -78,6 +78,7 @@
     "@commitlint/parse": "^7.1.2",
     "@commitlint/rules": "^7.2.0",
     "babel-runtime": "^6.23.0",
+    "lodash": "^4.17.11",
     "lodash.topairs": "4.3.0"
   }
 }

@commitlint/lint/src/index.js

@@ -2,7 +2,7 @@ import util from 'util';
 import isIgnored from '@commitlint/is-ignored';
 import parse from '@commitlint/parse';
 import implementations from '@commitlint/rules';
-import entries from 'lodash.topairs';
+import entries from 'lodash/topairs';
 
 const buildCommitMesage = ({header, body, footer}) => {
 	let message = header;

@commitlint/load/package.json

@@ -77,6 +77,7 @@
     "@commitlint/resolve-extends": "^7.1.2",
     "babel-runtime": "^6.23.0",
     "cosmiconfig": "^4.0.0",
+    "lodash": "^4.17.11",
     "lodash.merge": "4.6.1",
     "lodash.mergewith": "4.6.1",
     "lodash.pick": "4.4.0",

@commitlint/load/src/index.js

@@ -2,10 +2,10 @@ import path from 'path';
 import executeRule from '@commitlint/execute-rule';
 import resolveExtends from '@commitlint/resolve-extends';
 import cosmiconfig from 'cosmiconfig';
-import entries from 'lodash.topairs';
-import merge from 'lodash.merge';
-import mergeWith from 'lodash.mergewith';
-import pick from 'lodash.pick';
+import entries from 'lodash/topairs';
+import merge from 'lodash/merge';
+import mergeWith from 'lodash/mergewith';
+import pick from 'lodash/pick';
 import resolveFrom from 'resolve-from';
 
 const w = (a, b) => (Array.isArray(b) ? b : undefined);
@@ -54,7 +54,8 @@ export default async (seed = {}, options = {cwd: process.cwd()}) => {
 
 	// Resolve config-relative formatter module
 	if (typeof config.formatter === 'string') {
-		preset.formatter = resolveFrom.silent(base, config.formatter) || config.formatter;
+		preset.formatter =
+			resolveFrom.silent(base, config.formatter) || config.formatter;
 	}
 
 	// Execute rule config functions if needed

@commitlint/parse/package.json

@@ -73,6 +73,7 @@
   },
   "dependencies": {
     "conventional-changelog-angular": "^1.3.3",
-    "conventional-commits-parser": "^2.1.0"
+    "conventional-commits-parser": "^2.1.0",
+    "lodash": "^4.17.11"
   }
 }

@commitlint/prompt/package.json

@@ -72,6 +72,7 @@
     "@commitlint/load": "^7.2.1",
     "babel-runtime": "^6.23.0",
     "chalk": "^2.0.0",
+    "lodash": "^4.17.11",
     "lodash.camelcase": "4.3.0",
     "lodash.kebabcase": "4.1.1",
     "lodash.snakecase": "4.1.1",

@commitlint/prompt/src/library/format.js

@@ -1,5 +1,5 @@
 import chalk from 'chalk';
-import entries from 'lodash.topairs';
+import entries from 'lodash/topairs';
 
 export default format;
 

@commitlint/prompt/src/library/get-forced-case-fn.js

@@ -1,8 +1,8 @@
-import camelCase from 'lodash.camelcase';
-import kebabCase from 'lodash.kebabcase';
-import snakeCase from 'lodash.snakecase';
-import upperFirst from 'lodash.upperfirst';
-import startCase from 'lodash.startcase';
+import camelCase from 'lodash/camelcase';
+import kebabCase from 'lodash/kebabcase';
+import snakeCase from 'lodash/snakecase';
+import upperFirst from 'lodash/upperfirst';
+import startCase from 'lodash/startcase';
 
 /**
  * Get forced case for rule

@commitlint/prompt/src/library/meta.js

@@ -1,5 +1,5 @@
 import chalk from 'chalk';
-import entries from 'lodash.topairs';
+import entries from 'lodash/topairs';
 
 /**
  * Get formatted meta hints for configuration

@commitlint/resolve-extends/package.json

@@ -75,6 +75,7 @@
   },
   "dependencies": {
     "babel-runtime": "6.26.0",
+    "lodash": "^4.17.11",
     "lodash.merge": "4.6.1",
     "lodash.omit": "4.5.0",
     "require-uncached": "^1.0.3",

@commitlint/resolve-extends/src/index.js

@@ -3,8 +3,8 @@ import path from 'path';
 import 'resolve-global'; // eslint-disable-line import/no-unassigned-import
 import requireUncached from 'require-uncached';
 import resolveFrom from 'resolve-from';
-import merge from 'lodash.merge';
-import omit from 'lodash.omit';
+import merge from 'lodash/merge';
+import omit from 'lodash/omit';
 
 // Resolve extend configs
 export default function resolveExtends(config = {}, context = {}) {

@commitlint/rules/package.json

@@ -78,6 +78,7 @@
     "@commitlint/ensure": "^7.2.0",
     "@commitlint/message": "^7.1.2",
     "@commitlint/to-lines": "^7.1.2",
-    "babel-runtime": "^6.23.0"
+    "babel-runtime": "^6.23.0",
+    "lodash": "^4.17.11"
   }
 }

@commitlint/rules/src/index.test.js

@@ -1,7 +1,7 @@
 import path from 'path';
 import test from 'ava';
 import globby from 'globby';
-import values from 'lodash.values';
+import values from 'lodash/values';
 import rules from '.';
 
 test('exports all rules', async t => {

@packages/utils/package.json

@@ -50,7 +50,7 @@
     "@marionebl/sander": "0.6.1",
     "execa": "0.9.0",
     "is-builtin-module": "2.0.0",
-    "lodash.values": "4.3.0",
+    "lodash": "^4.17.11",
     "meow": "4.0.0",
     "read-pkg": "3.0.0",
     "require-from-string": "2.0.1",

@packages/utils/pkg-check.js

@@ -8,7 +8,7 @@ const meow = require('meow');
 const readPkg = require('read-pkg');
 const requireFromString = require('require-from-string');
 const tar = require('tar-fs');
-const values = require('lodash.values');
+const values = require('lodash/values');
 const fix = require('@commitlint/test').fix;
 
 const builtin = require.resolve('is-builtin-module');