PP-12235 Fix loop bound injection

Code QL flagges this as potential loop bound injection.
Use ES6 functionality to replace use of lodash.

app/controllers/payment-types/post-index.controller.js

@@ -1,7 +1,5 @@
 'use strict'
 
-const lodash = require('lodash')
-
 const paths = require('../../paths')
 const formatAccountPathsFor = require('../../utils/format-account-paths-for')
 const { ConnectorClient } = require('../../services/clients/connector.client')
@@ -10,8 +8,8 @@ const connector = new ConnectorClient(process.env.CONNECTOR_URL)
 module.exports = async function updateCardTypes (req, res, next) {
   const accountId = req.account.gateway_account_id
 
-  const acceptedDebitCards = typeof req.body.debit === 'string' ? [req.body.debit] : req.body.debit
-  const acceptedCreditCards = typeof req.body.credit === 'string' ? [req.body.credit] : req.body.credit
+  const acceptedDebitCards = (typeof req.body.debit === 'string' ? [req.body.debit] : req.body.debit) || []
+  const acceptedCreditCards = (typeof req.body.credit === 'string' ? [req.body.credit] : req.body.credit) || []
 
   if (typeof acceptedDebitCards === 'undefined' && typeof acceptedCreditCards === 'undefined') {
     req.flash('genericError', 'You must choose at least one card')
@@ -21,7 +19,7 @@ module.exports = async function updateCardTypes (req, res, next) {
   }
 
   const payload = {
-    card_types: lodash.union(acceptedDebitCards, acceptedCreditCards)
+    card_types: [...new Set([...acceptedDebitCards, ...acceptedCreditCards])]
   }
 
   try {