Remove lodash.pick from @useoptic/rulesets-base usage due to security issues and deprecations #2889
Description
Describe the bug
@useoptic/rulesets-base is using lodash.pick in version 4.4.0 which has a known security vulnerability. The lodash.pick package is also deprecated so there is no way mitigate the security issue.
To Reproduce
Steps to reproduce the behavior:
- Install latest @useoptic/rulesets-base
- Use a security scanner to analyze the dependencies
- find that lodash.pick 4.4.0 has a security vulnerability
Expected behavior
@useoptic/rulesets-base doesn't ship with dependencies that have known security issues.
Additional context
Description of security vulnerability in lodash:
https://avd.aquasec.com/nvd/2020/cve-2020-8203/