fix: Remove CVE-2020-8203 vulnerability in lodash.set #4704
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #4684
#minor
Description
This PR addressess the CVE-2020-8203 vulnerability affecting [email protected] by removing the @types/nock package which depends on [email protected].
[email protected] and beyond provides its own type definitions, and
@types/nock
is no longer necessary.Specific Changes
botbuilder-dialogs-adaptive-testing
Testing
The following image shows lodash.set being removed after the update:
The following image shows
botbuilder-dialogs-adaptive-runtime
tests passing: