@uppy/companion: remove `lodash` dependency (#3036)

* @uppy/companion: remove `lodash` dependency

* @uppy/companion: test the transpiled files instead of source

* @uppy/companion: rollback to using `lodash.merge`

* Revert "@uppy/companion: test the transpiled files instead of source"

This reverts commit 5ffd5786f105d0eebb4ec063b1b854fddce28d85.

* @uppy/companion: remove Node.js v10 and v12 from the CI, add v16

* @uppy/companion: remove Node.js v16.x from the CI

* Revert "@uppy/companion: remove Node.js v10 and v12 from the CI, add v16"

This reverts commit 9dca738f2a3e03e7e2c268925b06c6f7f32acdb9.

* Remove optional chaining to keep Node.js v12 support

package-lock.json

@@ -75553,7 +75553,7 @@
         "ip-address": "6.2.0",
         "isobject": "3.0.1",
         "jsonwebtoken": "8.5.1",
-        "lodash": "^4.17.20",
+        "lodash.merge": "^4.6.2",
         "mime-types": "2.1.25",
         "moment": "^2.29.1",
         "moment-timezone": "^0.5.31",
@@ -75863,7 +75863,6 @@
         "classnames": "^2.2.6",
         "is-shallow-equal": "^1.0.1",
         "lodash.debounce": "^4.0.8",
-        "lodash.throttle": "^4.1.1",
         "memoize-one": "^5.0.4",
         "nanoid": "^3.1.23",
         "preact": "^10.5.13"
@@ -89483,7 +89482,7 @@
         "ip-address": "6.2.0",
         "isobject": "3.0.1",
         "jsonwebtoken": "8.5.1",
-        "lodash": "^4.17.20",
+        "lodash.merge": "^4.6.2",
         "mime-types": "2.1.25",
         "moment": "^2.29.1",
         "moment-timezone": "^0.5.31",
@@ -89725,7 +89724,6 @@
         "classnames": "^2.2.6",
         "is-shallow-equal": "^1.0.1",
         "lodash.debounce": "^4.0.8",
-        "lodash.throttle": "^4.1.1",
         "memoize-one": "^5.0.4",
         "nanoid": "^3.1.23",
         "preact": "^10.5.13",

packages/@uppy/companion/package.json

@@ -50,7 +50,7 @@
     "ip-address": "6.2.0",
     "isobject": "3.0.1",
     "jsonwebtoken": "8.5.1",
-    "lodash": "^4.17.20",
+    "lodash.merge": "^4.6.2",
     "mime-types": "2.1.25",
     "moment": "^2.29.1",
     "moment-timezone": "^0.5.31",

packages/@uppy/companion/src/companion.js

@@ -3,7 +3,7 @@ const express = require('express')
 const ms = require('ms')
 // @ts-ignore
 const Grant = require('grant').express()
-const merge = require('lodash/merge')
+const merge = require('lodash.merge')
 const cookieParser = require('cookie-parser')
 const interceptor = require('express-interceptor')
 

packages/@uppy/companion/src/server/middlewares.js

@@ -1,4 +1,3 @@
-const uniq = require('lodash/uniq')
 const cors = require('cors')
 // @ts-ignore
 const promBundle = require('express-prom-bundle')
@@ -94,12 +93,11 @@ exports.cors = (options = {}) => (req, res, next) => {
   ]
   if (res.get('Access-Control-Allow-Headers')) allowedHeaders.push(res.get('Access-Control-Allow-Headers'))
 
-  const existingAllowMethodsHeader = res.get('Access-Control-Allow-Methods')
-  let methods = []
-  if (existingAllowMethodsHeader) {
-    methods = existingAllowMethodsHeader.replace(/\s/g, '').split(',').map((method) => method.toUpperCase())
-  }
-  methods = uniq([...methods, 'GET', 'POST', 'OPTIONS', 'DELETE'])
+  // TODO: Move to optional chaining when we drop Node.js v12.x support
+  const ACAMHeader = res.get('Access-Control-Allow-Methods')
+  const existingAllowMethodsHeader = new Set(ACAMHeader && ACAMHeader.split(',').map(method => method.trim().toUpperCase()))
+  existingAllowMethodsHeader.add('GET').add('POST').add('OPTIONS').add('DELETE')
+  const methods = Array.from(existingAllowMethodsHeader)
 
   // If endpoint urls are specified, then we only allow those endpoints.
   // Otherwise, we allow any client url to access companion.

packages/@uppy/companion/src/standalone/helper.js

@@ -1,5 +1,5 @@
 const fs = require('fs')
-const merge = require('lodash/merge')
+const merge = require('lodash.merge')
 const stripIndent = require('common-tags/lib/stripIndent')
 const crypto = require('crypto')
 const utils = require('../server/helpers/utils')

packages/@uppy/companion/src/standalone/index.js

@@ -4,7 +4,7 @@ const helmet = require('helmet')
 const morgan = require('morgan')
 const bodyParser = require('body-parser')
 const { URL } = require('url')
-const merge = require('lodash/merge')
+const merge = require('lodash.merge')
 const session = require('express-session')
 const addRequestId = require('express-request-id')()
 const logger = require('../server/logger')

packages/@uppy/dashboard/package.json

@@ -31,7 +31,6 @@
     "classnames": "^2.2.6",
     "is-shallow-equal": "^1.0.1",
     "lodash.debounce": "^4.0.8",
-    "lodash.throttle": "^4.1.1",
     "memoize-one": "^5.0.4",
     "nanoid": "^3.1.23",
     "preact": "^10.5.13"