From fedcc2e23c679300126b858ac4c9cb29353d1f47 Mon Sep 17 00:00:00 2001
From: yukun-han <yukun.han@thoughtworks.com>
Date: Sat, 3 Feb 2024 18:46:43 +0800
Subject: [PATCH] fix: retire lodash omitby to fix vulnerability

---
 package-lock.json      | 11 -----------
 package.json           |  1 -
 src/dsl/graphql.ts     | 22 ++++++++++------------
 src/dsl/interaction.ts | 18 ++++++++----------
 4 files changed, 18 insertions(+), 34 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 730de317b..74d1e3a08 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,6 @@
         "lodash.isnil": "4.0.0",
         "lodash.isundefined": "3.0.1",
         "lodash.omit": "^4.5.0",
-        "lodash.omitby": "4.6.0",
         "pkginfo": "^0.4.1",
         "ramda": "^0.28.0",
         "randexp": "^0.5.3"
@@ -7421,11 +7420,6 @@
       "resolved": "https://registry.npmjs.org/lodash.omit/-/lodash.omit-4.5.0.tgz",
       "integrity": "sha512-XeqSp49hNGmlkj2EJlfrQFIzQ6lXdNro9sddtQzcJY8QaoC2GO0DT7xaIokHeyM+mIT0mPMlPvkYzg2xCuHdZg=="
     },
-    "node_modules/lodash.omitby": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.omitby/-/lodash.omitby-4.6.0.tgz",
-      "integrity": "sha512-5OrRcIVR75M288p4nbI2WLAf3ndw2GD9fyNv3Bc15+WCxJDdZ4lYndSxGd7hnG6PVjiJTeJE2dHEGhIuKGicIQ=="
-    },
     "node_modules/log-symbols": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz",
@@ -16944,11 +16938,6 @@
       "resolved": "https://registry.npmjs.org/lodash.omit/-/lodash.omit-4.5.0.tgz",
       "integrity": "sha512-XeqSp49hNGmlkj2EJlfrQFIzQ6lXdNro9sddtQzcJY8QaoC2GO0DT7xaIokHeyM+mIT0mPMlPvkYzg2xCuHdZg=="
     },
-    "lodash.omitby": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.omitby/-/lodash.omitby-4.6.0.tgz",
-      "integrity": "sha512-5OrRcIVR75M288p4nbI2WLAf3ndw2GD9fyNv3Bc15+WCxJDdZ4lYndSxGd7hnG6PVjiJTeJE2dHEGhIuKGicIQ=="
-    },
     "log-symbols": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz",
diff --git a/package.json b/package.json
index 8dfdc806a..e0b0fbf45 100644
--- a/package.json
+++ b/package.json
@@ -110,7 +110,6 @@
     "lodash.isnil": "4.0.0",
     "lodash.isundefined": "3.0.1",
     "lodash.omit": "^4.5.0",
-    "lodash.omitby": "4.6.0",
     "pkginfo": "^0.4.1",
     "ramda": "^0.28.0",
     "randexp": "^0.5.3"
diff --git a/src/dsl/graphql.ts b/src/dsl/graphql.ts
index 821c349dc..4ef4335c4 100644
--- a/src/dsl/graphql.ts
+++ b/src/dsl/graphql.ts
@@ -3,7 +3,8 @@
  *
  * @module GraphQL
  */
-import { isNil, extend, omitBy, isUndefined } from 'lodash';
+import { isNil, extend, isUndefined } from 'lodash';
+import { reject } from 'ramda';
 import gql from 'graphql-tag';
 import { Interaction, InteractionStateComplete } from './interaction';
 import { regex } from './matchers';
@@ -106,17 +107,14 @@ export class GraphQLInteraction extends Interaction {
 
     this.state.request = extend(
       {
-        body: omitBy(
-          {
-            operationName: this.operation,
-            query: regex({
-              generate: this.query,
-              matcher: escapeGraphQlQuery(this.query),
-            }),
-            variables: this.variables,
-          },
-          isUndefined
-        ),
+        body: reject(isUndefined, {
+          operationName: this.operation,
+          query: regex({
+            generate: this.query,
+            matcher: escapeGraphQlQuery(this.query),
+          }),
+          variables: this.variables,
+        }),
         headers: { 'Content-Type': 'application/json' },
         method: 'POST',
       },
diff --git a/src/dsl/interaction.ts b/src/dsl/interaction.ts
index 4dbf1a0f3..6a3e31992 100644
--- a/src/dsl/interaction.ts
+++ b/src/dsl/interaction.ts
@@ -3,7 +3,8 @@
  * @module Interaction
  */
 
-import { isNil, keys, omitBy } from 'lodash';
+import { isNil, keys } from 'lodash';
+import { reject } from 'ramda';
 import { HTTPMethods, HTTPMethod } from '../common/request';
 import { Matcher, isMatcher, AnyTemplate } from './matchers';
 import ConfigurationError from '../errors/configurationError';
@@ -131,7 +132,7 @@ export class Interaction {
       throwIfQueryObjectInvalid(requestOpts.query);
     }
 
-    this.state.request = omitBy(requestOpts, isNil) as RequestOptions;
+    this.state.request = reject(isNil, requestOpts) as RequestOptions;
 
     return this;
   }
@@ -152,14 +153,11 @@ export class Interaction {
       throw new ConfigurationError('You must provide a status code.');
     }
 
-    this.state.response = omitBy(
-      {
-        body: responseOpts.body,
-        headers: responseOpts.headers || undefined,
-        status: responseOpts.status,
-      },
-      isNil
-    ) as ResponseOptions;
+    this.state.response = reject(isNil, {
+      body: responseOpts.body,
+      headers: responseOpts.headers || undefined,
+      status: responseOpts.status,
+    }) as ResponseOptions;
     return this;
   }