remove lodash.pick due to CVE-2020-8203

Author: mknudsen

lib/transform.js

@@ -2,9 +2,17 @@ const testValue = require('test-value')
 const where = testValue.where
 const arrayify = require('array-back')
 const extract = require('reduce-extract')
-const pick = require('lodash.pick')
 const omit = require('lodash.omit')
 
+function pick(object, keys) {
+  return keys.reduce((obj, key) => {
+     if (object && object.hasOwnProperty(key)) {
+        obj[key] = object[key];
+     }
+     return obj;
+   }, {});
+}
+
 /**
  * @module transform
  */

package-lock.json

@@ -21,7 +21,6 @@
   "dependencies": {
     "array-back": "^6.2.2",
     "lodash.omit": "^4.5.0",
-    "lodash.pick": "^4.4.0",
     "reduce-extract": "^1.0.0",
     "sort-array": "^4.1.5",
     "test-value": "^3.0.0"