From be9e3423a43ac55c1f880ed35c14b0659e53072e Mon Sep 17 00:00:00 2001 From: Theo Gravity Date: Wed, 10 Jul 2024 15:34:23 -0700 Subject: [PATCH 1/2] Replace Lodash with Smaller Modular Packages for Improved Performance and to remove security vulnerabilities --- bin/migrate-mongo.js | 7 ++-- lib/actions/down.js | 4 +-- lib/actions/status.js | 2 +- lib/actions/up.js | 4 +-- lib/env/config.js | 2 +- lib/env/database.js | 8 ++--- package-lock.json | 77 +++++++++++++++++++++++++++++++++---------- package.json | 7 +++- 8 files changed, 80 insertions(+), 31 deletions(-) diff --git a/bin/migrate-mongo.js b/bin/migrate-mongo.js index 02c7f93..33743d2 100755 --- a/bin/migrate-mongo.js +++ b/bin/migrate-mongo.js @@ -1,7 +1,8 @@ #! /usr/bin/env node const program = require("commander"); -const _ = require("lodash"); +const isEmpty = require("lodash.isempty"); +const values = require("lodash.values"); const Table = require("cli-table3"); const migrateMongo = require("../lib/migrate-mongo"); const pkgjson = require("../package.json"); @@ -21,7 +22,7 @@ function printStatusTable(statusItems) { return migrateMongo.config.read().then(config => { const useFileHash = config.useFileHash === true; const table = new Table({ head: useFileHash ? ["Filename", "Hash", "Applied At"] : ["Filename", "Applied At"]}); - statusItems.forEach(item => table.push(_.values(item))); + statusItems.forEach(item => table.push(values(item))); console.log(table.toString()); }) @@ -137,6 +138,6 @@ program program.parse(process.argv); -if (_.isEmpty(program.rawArgs)) { +if (isEmpty(program.rawArgs)) { program.outputHelp(); } diff --git a/lib/actions/down.js b/lib/actions/down.js index f5defdf..f8f1598 100644 --- a/lib/actions/down.js +++ b/lib/actions/down.js @@ -1,4 +1,4 @@ -const _ = require("lodash"); +const last = require("lodash.last"); const status = require("./status"); const config = require("../env/config"); 
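Review bot: In bin/migrate-mongo.js, `values(item)` and `isEmpty(program.rawArgs)` each add a separately published package for something the runtime already provides, which works against the goal of shrinking the dependency surface. `statusItems.forEach(item => table.push(Object.values(item)));` and `if (program.rawArgs.length === 0) {` need no package at all, assuming the status items are plain objects and `rawArgs` is always an array after `program.parse()`. The same applies to `last(appliedItems)` in lib/actions/down.js, to `filter(statusItems, { [dateField]: "PENDING" })` in lib/actions/up.js (down.js already uses the native `statusItems.filter(item => item[dateField] !== "PENDING" ...)` on the same field), and to the three `get(configContent, "mongodb.…")` calls in lib/env/database.js, which could be written `configContent?.mongodb?.url` and so on. The `find` and `get` imports in lib/actions/status.js and lib/env/config.js are probably replaceable too, but their call sites are outside the hunks shown.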
@@ -17,7 +17,7 @@ module.exports = async (db, client) => { } = await config.read(); const appliedItems = statusItems.filter(item => item[dateField] !== "PENDING" && item.appliedManually !== true); const manualMigrationFileToApply = global.options.migrationFile - const lastAppliedItem = _.last(appliedItems); + const lastAppliedItem = last(appliedItems); if (!manualMigrationFileToApply && await lock.exist(db)) { throw new Error("Could not migrate down, a lock is in place."); diff --git a/lib/actions/status.js b/lib/actions/status.js index d5b6953..f32afcf 100644 --- a/lib/actions/status.js +++ b/lib/actions/status.js @@ -1,4 +1,4 @@ -const { find } = require("lodash"); +const find = require("lodash.find"); const migrationsDir = require("../env/migrationsDir"); const config = require("../env/config"); const getName = require('../utils/name'); diff --git a/lib/actions/up.js b/lib/actions/up.js index 0ee0047..9fd8f44 100644 --- a/lib/actions/up.js +++ b/lib/actions/up.js @@ -1,5 +1,5 @@ /* eslint no-console: 0 */ -const _ = require("lodash"); +const filter = require("lodash.filter"); const pEachSeries = require("p-each-series"); const status = require("./status"); @@ -20,7 +20,7 @@ module.exports = async (db, client) => { context, } = configObject; - const pendingItems = _.filter(statusItems, { [dateField]: "PENDING" }); + const pendingItems = filter(statusItems, { [dateField]: "PENDING" }); const migrated = []; const manualMigrationFileToApply = global.options.migrationFile diff --git a/lib/env/config.js b/lib/env/config.js index 8e7abba..4e6992e 100644 --- a/lib/env/config.js +++ b/lib/env/config.js @@ -1,7 +1,7 @@ const fs = require("fs-extra"); const path = require("path"); const url = require("url"); -const { get } = require("lodash"); +const get = require("lodash.get"); const moduleLoader = require('../utils/module-loader'); const DEFAULT_CONFIG_FILE_NAME = "migrate-mongo-config.js"; 
diff --git a/lib/env/database.js b/lib/env/database.js index 70ce8fd..d7cdbcb 100644 --- a/lib/env/database.js +++ b/lib/env/database.js @@ -1,13 +1,13 @@ const { MongoClient } = require("mongodb"); -const _ = require("lodash"); +const get = require("lodash.get"); const config = require("./config"); module.exports = { async connect() { const configContent = await config.read(); - const url = _.get(configContent, "mongodb.url"); - const databaseName = _.get(configContent, "mongodb.databaseName"); - const options = _.get(configContent, "mongodb.options"); + const url = get(configContent, "mongodb.url"); + const databaseName = get(configContent, "mongodb.databaseName"); + const options = get(configContent, "mongodb.options"); if (!url) { throw new Error("No `url` defined in config file!"); diff --git a/package-lock.json b/package-lock.json index 935f51a..b63c8b2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,19 +1,24 @@ { "name": "migrate-mongo-alt", - "version": "11.2.0", + "version": "12.0.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "migrate-mongo-alt", - "version": "11.2.0", + "version": "12.0.0", "license": "MIT", "dependencies": { "cli-table3": "^0.6.1", "commander": "^9.1.0", "date-fns": "^2.28.0", "fs-extra": "^10.0.1", - "lodash": "^4.17.21", + "lodash.filter": "^4.6.0", + "lodash.find": "^4.6.0", + "lodash.get": "^4.4.2", + "lodash.isempty": "^4.4.0", + "lodash.last": "^3.0.0", + "lodash.values": "^4.3.0", "p-each-series": "^2.2.0" }, "bin": { @@ -33,10 +38,10 @@ "sinon": "^13.0.1" }, "engines": { - "node": ">=12" + "node": ">=18" }, "peerDependencies": { - "mongodb": "^4.4.1 || ^5.0.0 || ^6.0.0" + "mongodb": "^4.4.1 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "node_modules/@ampproject/remapping": { 
@@ -2944,10 +2949,15 @@ "node": ">=4" } }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "node_modules/lodash.filter": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/lodash.filter/-/lodash.filter-4.6.0.tgz", + "integrity": "sha512-pXYUy7PR8BCLwX5mgJ/aNtyOvuJTdZAo9EQFUvMIYugqmJxnrYaANvTbgndOzHSCSR0wnlBBfRXJL5SbWxo3FQ==" + }, + "node_modules/lodash.find": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/lodash.find/-/lodash.find-4.6.0.tgz", + "integrity": "sha512-yaRZoAV3Xq28F1iafWN1+a0rflOej93l1DQUejs3SZ41h2O9UJBoS9aueGjPDgAl4B6tPC0NuuchLKaDQQ3Isg==" }, "node_modules/lodash.flattendeep": { "version": "4.4.0", @@ -2958,8 +2968,17 @@ "node_modules/lodash.get": { "version": "4.4.2", "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", - "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=", - "dev": true + "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=" + }, + "node_modules/lodash.isempty": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/lodash.isempty/-/lodash.isempty-4.4.0.tgz", + "integrity": "sha512-oKMuF3xEeqDltrGMfDxAPGIVMSSRv8tbRSODbrs4KGsRRLEhrW8N8Rd4DRgB2+621hY8A8XwwrTVhXWpxFvMzg==" + }, + "node_modules/lodash.last": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lodash.last/-/lodash.last-3.0.0.tgz", + "integrity": "sha512-14mq7rSkCxG4XMy9lF2FbIOqqgF0aH0NfPuQ3LPR3vIh0kHnUvIYP70dqa1Hf47zyXfQ8FzAg0MYOQeSuE1R7A==" }, "node_modules/lodash.merge": { "version": "4.6.2", 
@@ -2967,6 +2986,11 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "node_modules/lodash.values": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.values/-/lodash.values-4.3.0.tgz", + "integrity": "sha512-r0RwvdCv8id9TUblb/O7rYPwVy6lerCbcawrfdo9iC/1t1wsNMJknO79WNBgwkH0hIeJ08jmvvESbFpNb4jH0Q==" + }, "node_modules/log-driver": { "version": "1.2.7", "resolved": "https://registry.npmjs.org/log-driver/-/log-driver-1.2.7.tgz", @@ -6933,10 +6957,15 @@ "path-exists": "^3.0.0" } }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "lodash.filter": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/lodash.filter/-/lodash.filter-4.6.0.tgz", + "integrity": "sha512-pXYUy7PR8BCLwX5mgJ/aNtyOvuJTdZAo9EQFUvMIYugqmJxnrYaANvTbgndOzHSCSR0wnlBBfRXJL5SbWxo3FQ==" + }, + "lodash.find": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/lodash.find/-/lodash.find-4.6.0.tgz", + "integrity": "sha512-yaRZoAV3Xq28F1iafWN1+a0rflOej93l1DQUejs3SZ41h2O9UJBoS9aueGjPDgAl4B6tPC0NuuchLKaDQQ3Isg==" }, "lodash.flattendeep": { "version": "4.4.0", 
@@ -6947,8 +6976,17 @@ "lodash.get": { "version": "4.4.2", "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", - "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=", - "dev": true + "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=" + }, + "lodash.isempty": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/lodash.isempty/-/lodash.isempty-4.4.0.tgz", + "integrity": "sha512-oKMuF3xEeqDltrGMfDxAPGIVMSSRv8tbRSODbrs4KGsRRLEhrW8N8Rd4DRgB2+621hY8A8XwwrTVhXWpxFvMzg==" + }, + "lodash.last": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lodash.last/-/lodash.last-3.0.0.tgz", + "integrity": "sha512-14mq7rSkCxG4XMy9lF2FbIOqqgF0aH0NfPuQ3LPR3vIh0kHnUvIYP70dqa1Hf47zyXfQ8FzAg0MYOQeSuE1R7A==" }, "lodash.merge": { "version": "4.6.2", @@ -6956,6 +6994,11 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "lodash.values": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.values/-/lodash.values-4.3.0.tgz", + "integrity": "sha512-r0RwvdCv8id9TUblb/O7rYPwVy6lerCbcawrfdo9iC/1t1wsNMJknO79WNBgwkH0hIeJ08jmvvESbFpNb4jH0Q==" + }, "log-driver": { "version": "1.2.7", "resolved": "https://registry.npmjs.org/log-driver/-/log-driver-1.2.7.tgz", diff --git a/package.json b/package.json index 9a2c7f1..2f89675 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,12 @@ "commander": "^9.1.0", "date-fns": "^2.28.0", "fs-extra": "^10.0.1", - "lodash": "^4.17.21", + "lodash.filter": "^4.6.0", + "lodash.find": "^4.6.0", + "lodash.get": "^4.4.2", + "lodash.isempty": "^4.4.0", + "lodash.last": "^3.0.0", + "lodash.values": "^4.3.0", "p-each-series": "^2.2.0" }, "peerDependencies": { From b0bd274729942a48fbb4a25efd0d4917e3cfb531 Mon Sep 17 00:00:00 2001 From: Theo Gravity Date: Wed, 10 Jul 2024 15:40:18 -0700 Subject: [PATCH 2/2] Add changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) 
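Review bot: The six entries added to `dependencies` in package.json are per-method lodash builds pinned to old releases (`lodash.last` is still on `^3.0.0`), so the subject's claim that this removes security vulnerabilities should be verified rather than assumed. As far as I know these packages are published separately from `lodash`, the lodash project discourages their use, and they do not track fixes made in the main package. The lock entry for `lodash.get` 4.4.2 also loses its `"dev": true` flag while still carrying only a `sha1-` integrity value, so a package that now ships at runtime is checked with a weaker digest than the `sha512-` entries around it. Running `npm audit` against the resulting tree and regenerating that lock entry (to pick up a sha512 digest if the registry offers one) would confirm the change delivers what the subject promises.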
diff --git a/CHANGELOG.md b/CHANGELOG.md index f45545c..507f2c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 12.0.1 + +Added a modification of @prashantswami PR [Replace Lodash with Smaller Modular Packages for Improved Performance and to remove security vulnerabilities](https://github.com/seppevs/migrate-mongo/pull/447) replaces the lone `lodash` dependency with smaller, more focused packages + to also address security issues. + ## 12.0.0 - Rebased against the repo that this project is forked from, [`seppevs/migrate-mongo`](migrate-mongo)