replace lodash.set with dset #5200

Merged: 4 commits, Mar 6, 2023

Contributor

@jtmthf jtmthf commented Mar 3, 2023

Description

Replace lodash.set with set-value to address a security vulnerability https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have followed the CONTRIBUTING doc and the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests and linter rules pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

changeset-bot bot commented Mar 3, 2023

🦋 Changeset detected

Latest commit: 0f2bc9e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 105 packages
Name Type
@graphql-mesh/utils Patch
@graphql-mesh/cli Patch
@graphql-mesh/config Patch
@graphql-mesh/http Patch
@graphql-mesh/jit-executor Patch
json-machete Patch
@graphql-mesh/runtime Patch
@graphql-mesh/store Patch
@graphql-mesh/cache-cfw-kv Patch
@graphql-mesh/cache-file Patch
@graphql-mesh/cache-localforage Patch
@graphql-mesh/cache-redis Patch
@graphql-mesh/graphql Patch
@graphql-mesh/grpc Patch
@graphql-mesh/json-schema Patch
@graphql-mesh/mongoose Patch
@graphql-mesh/mysql Patch
@graphql-mesh/neo4j Patch
@graphql-mesh/odata Patch
@graphql-mesh/openapi Patch
@graphql-mesh/postgraphile Patch
@graphql-mesh/raml Patch
@graphql-mesh/soap Patch
@graphql-mesh/thrift Patch
@graphql-mesh/transform-cache Patch
@graphql-mesh/transform-encapsulate Patch
@graphql-mesh/transform-extend Patch
@graphql-mesh/transform-federation Patch
@graphql-mesh/transform-filter-schema Patch
@graphql-mesh/transform-hoist-field Patch
@graphql-mesh/transform-naming-convention Patch
@graphql-mesh/transform-prefix Patch
@graphql-mesh/transform-rate-limit Patch
@graphql-mesh/transform-rename Patch
@graphql-mesh/transform-replace-field Patch
@graphql-mesh/transform-resolvers-composition Patch
@graphql-mesh/transform-type-merging Patch
@graphql-mesh/merger-bare Patch
@graphql-mesh/merger-federation Patch
@graphql-mesh/merger-stitching Patch
@graphql-mesh/plugin-deduplicate-request Patch
@graphql-mesh/plugin-http-cache Patch
@graphql-mesh/plugin-http-details-extensions Patch
@graphql-mesh/plugin-mock Patch
@graphql-mesh/plugin-newrelic Patch
@graphql-mesh/plugin-prometheus Patch
@graphql-mesh/plugin-response-cache Patch
@graphql-mesh/plugin-snapshot Patch
@graphql-mesh/plugin-statsd Patch
@omnigraph/json-schema Patch
@omnigraph/openapi Patch
@omnigraph/raml Patch
@omnigraph/soap Patch
auth0-example Patch
cloudflare-workers Patch
example-gcp Patch
graphql-file-upload-example Patch
grpc-example Patch
grpc-reflection-example Patch
hasura-openbrewery-geodb Patch
hello-world-esm Patch
json-schema-hello-world Patch
covid-mesh Patch
json-schema-example Patch
json-schema-fhir Patch
json-schema-file-upload Patch
json-schema-subscriptions Patch
mongoose-example Patch
mysql-employees Patch
mysql-rfam Patch
neo4j-example Patch
nextjs-apollo-example Patch
nextjs-sdk-example Patch
odata-microsoft-graph-example Patch
odata-msgraph-programmatic-ts Patch
odata-msgraph-programmatic Patch
odata-trippin-example Patch
javascript-wiki Patch
typescript-location-weather-example Patch
openapi-meilisearch Patch
openapi-stackexchange Patch
openapi-stripe Patch
openapi-subscriptions Patch
openapi-youtrack Patch
openwhisk-example Patch
postgres-geodb-example Patch
programmatic-batching-example Patch
reddit-example Patch
country-info-example Patch
soap-demo Patch
soap-netsuite Patch
spacex-cfw Patch
chinook Patch
thrift-calculator Patch
type-merging-batching-example Patch
federation-gateway Patch
gateway-example Patch
@graphql-mesh/types Patch
@graphql-mesh/tuql Patch
@graphql-mesh/transform-hive Patch
@graphql-mesh/transform-prune Patch
@graphql-mesh/plugin-hive Patch
@graphql-mesh/plugin-live-query Patch
@graphql-mesh/plugin-operation-field-permissions Patch
@graphql-mesh/plugin-rate-limit Patch


@vsricodes
Contributor

Hi, I am waiting for this PR to be merged in. We're trying to resolve a lodash.set vulnerability found on Snyk test.

Owner

ardatan commented Mar 6, 2023

Can we use ESM compatible https://github.com/lukeed/dset instead?

@ardatan ardatan changed the title replace lodash.set with set-value replace lodash.set with dset Mar 6, 2023
@ardatan ardatan merged commit fa2c010 into ardatan:master Mar 6, 2023
@jtmthf jtmthf deleted the replace-lodash.set branch March 6, 2023 23:22