From 6ce73e62b25e4bbe30c916d50429c91c02212bb5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 Oct 2022 16:22:44 +0000 Subject: [PATCH] fix: package.json, yarn.lock & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 44 ++++++++++++++++++++++++++++++++++++++++++++ package.json | 10 +++++++--- yarn.lock | 50 +++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 100 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..f4ad292 --- /dev/null +++ b/.snyk @@ -0,0 +1,44 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > @babel/core > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > eslint > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > eslint-plugin-flowtype > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > eslint-plugin-import > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > html-webpack-plugin > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > webpack-manifest-plugin > lodash: + patched: '2022-10-05T16:21:53.456Z' + - styled-components > babel-plugin-styled-components > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > @babel/core > @babel/traverse > lodash: + patched: '2022-10-05T16:21:53.456Z' + - styled-components > @babel/helper-module-imports > @babel/types > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > eslint > inquirer > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > eslint > table > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > react-dev-utils > inquirer > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > webpack-dev-server > http-proxy-middleware > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > babel-preset-react-app > @babel/plugin-transform-classes > @babel/helper-define-map > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-modules-amd > @babel/helper-module-transforms > lodash: + patched: '2022-10-05T16:21:53.456Z' + - react-scripts > jest-environment-jsdom-fourteen > jsdom > request-promise-native > request-promise-core > lodash: + patched: '2022-10-05T16:21:53.456Z' diff --git a/package.json b/package.json index d4fbd43..7d83126 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,8 @@ "react-router-dom": "^4.3.1", "react-scripts": "^3.3.0", "styled-components": "^4.3.1", - "typescript": "^3.4.5" + "typescript": "^3.4.5", + "@snyk/protect": "latest" }, "scripts": { "start": "npm run build:markdown && react-scripts start", @@ -30,7 +31,9 @@ "build": "react-scripts build", "test": "react-scripts test --passWithNoTests", "eject": "react-scripts eject", - "build:markdown": "node scripts/processMarkdown" + "build:markdown": "node scripts/processMarkdown", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "eslintConfig": { "extends": "react-app" @@ -43,5 +46,6 @@ ], "devDependencies": { "chalk": "^2.4.2" - } + }, + "snyk": true } diff --git a/yarn.lock b/yarn.lock index 9f49cff..c83d121 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1465,6 +1465,11 @@ resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz#2b5a3ab3f918cca48a8c754c08168e3f03eba61b" integrity sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw== +"@snyk/protect@^1.1022.0": + version "1.1022.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1022.0.tgz#2d5e480b02ed62f372acd4a97a078b5607a1147e" + integrity sha512-ASix6hXE9b3lgWovJjpxkx6W57pyqsB67ISxQIomLUd+XHeDodnhM3nsHJwQj8hVRWZwoHoYmnZKy9DgUg0q8w== + "@svgr/babel-plugin-add-jsx-attribute@^4.2.0": version "4.2.0" resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-4.2.0.tgz#dadcb6218503532d6884b210e7f3c502caaa44b1" @@ -1640,6 +1645,13 @@ "@types/istanbul-lib-coverage" "*" "@types/istanbul-lib-report" "*" +"@types/jest@^24.0.12": + version "24.9.1" + resolved "https://registry.yarnpkg.com/@types/jest/-/jest-24.9.1.tgz#02baf9573c78f1b9974a5f36778b366aa77bd534" + integrity sha512-Fb38HkXSVA4L8fGKEZ6le5bB8r6MRWlOCZbVuWZcmOMSCd2wCYOwN1ibj8daIoV9naq7aaOZjrLCoCMptKU/4Q== + dependencies: + jest-diff "^24.3.0" + "@types/json-schema@^7.0.3": version "7.0.3" resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.3.tgz#bdfd69d61e464dcc81b25159c270d75a73c1a636" @@ -1663,6 +1675,11 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-12.0.2.tgz#3452a24edf9fea138b48fad4a0a028a683da1e40" integrity sha512-5tabW/i+9mhrfEOUcLDu2xBPsHJ+X5Orqy9FKpale3SjDA17j5AEpYq5vfy3oAeAHGcvANRCO3NV3d2D6q3NiA== +"@types/node@^12.0.0": + version "12.20.55" + resolved "https://registry.yarnpkg.com/@types/node/-/node-12.20.55.tgz#c329cbd434c42164f846b909bd6f85b5537f6240" + integrity sha512-J8xLz7q2OFulZ2cyGTLE1TbbZcjpno7FaN6zdJNrgAdrJ+DZzh/uFR6YrTb4C+nXakvud8Q4+rbhoIWlYQbUFQ== + "@types/parse-json@^4.0.0": version "4.0.0" resolved "https://registry.yarnpkg.com/@types/parse-json/-/parse-json-4.0.0.tgz#2f8bb441434d163b35fb8ffdccd7138927ffb8c0" @@ -1678,6 +1695,13 @@ resolved "https://registry.yarnpkg.com/@types/q/-/q-1.5.2.tgz#690a1475b84f2a884fd07cd797c00f5f31356ea8" integrity sha512-ce5d3q03Ex0sy4R14722Rmt6MT07Ua+k4FwDfdcToYJcMKNtRVQvJ6JCAPdAmAnbRb6CsX6aYb9m96NGod9uTw== +"@types/react-dom@^16.8.4": + version "16.9.16" + resolved "https://registry.yarnpkg.com/@types/react-dom/-/react-dom-16.9.16.tgz#c591f2ed1c6f32e9759dfa6eb4abfd8041f29e39" + integrity sha512-Oqc0RY4fggGA3ltEgyPLc3IV9T73IGoWjkONbsyJ3ZBn+UPPCYpU2ec0i3cEbJuEdZtkqcCF2l1zf2pBdgUGSg== + dependencies: + "@types/react" "^16" + "@types/react-transition-group@^2.0.8": version "2.0.16" resolved "https://registry.yarnpkg.com/@types/react-transition-group/-/react-transition-group-2.0.16.tgz#2dcb9e396ab385ee19c4af1c9caa469a14cd042f" @@ -1693,6 +1717,20 @@ "@types/prop-types" "*" csstype "^2.2.0" +"@types/react@^16", "@types/react@^16.8.17": + version "16.14.32" + resolved "https://registry.yarnpkg.com/@types/react/-/react-16.14.32.tgz#d4e4fe5ece3c27fcb4608b1f4a614f7dec881392" + integrity sha512-hvEy4vGVADbtj/U6+CA5SRC5QFIjdxD7JslAie8EuAYZwhYY9bgforpXNyF1VFzhnkEOesDy1278t1wdjN74cw== + dependencies: + "@types/prop-types" "*" + "@types/scheduler" "*" + csstype "^3.0.2" + +"@types/scheduler@*": + version "0.16.2" + resolved "https://registry.yarnpkg.com/@types/scheduler/-/scheduler-0.16.2.tgz#1a62f89525723dde24ba1b01b092bf5df8ad4d39" + integrity sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew== + "@types/stack-utils@^1.0.1": version "1.0.1" resolved "https://registry.yarnpkg.com/@types/stack-utils/-/stack-utils-1.0.1.tgz#0a851d3bd96498fa25c33ab7278ed3bd65f06c3e" @@ -3710,6 +3748,11 @@ csstype@^2.0.0, csstype@^2.2.0, csstype@^2.5.2: resolved "https://registry.yarnpkg.com/csstype/-/csstype-2.6.2.tgz#3043d5e065454579afc7478a18de41909c8a2f01" integrity sha512-Rl7PvTae0pflc1YtxtKbiSqq20Ts6vpIYOD5WBafl4y123DyHUeLrRdQP66sQW8/6gmX8jrYJLXwNeMqYVJcow== +csstype@^3.0.2: + version "3.1.1" + resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.1.tgz#841b532c45c758ee546a11d5bd7b7b473c8c30b9" + integrity sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw== + cyclist@~0.2.2: version "0.2.2" resolved "https://registry.yarnpkg.com/cyclist/-/cyclist-0.2.2.tgz#1b33792e11e914a2fd6d6ed6447464444e5fa640" @@ -6166,7 +6209,7 @@ jest-config@^24.9.0: pretty-format "^24.9.0" realpath-native "^1.1.0" -jest-diff@^24.9.0: +jest-diff@^24.3.0, jest-diff@^24.9.0: version "24.9.0" resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-24.9.0.tgz#931b7d0d5778a1baf7452cb816e325e3724055da" integrity sha512-qMfrTs8AdJE2iqrTp0hzh7kTd2PQWrsFyj9tORoKmu32xjPjeE4NyjVRDz8ybYwqS2ik8N4hsIpiVTyFeo2lBQ== @@ -10975,6 +11018,11 @@ typedarray@^0.0.6: resolved "https://registry.yarnpkg.com/typedarray/-/typedarray-0.0.6.tgz#867ac74e3864187b1d3d47d996a78ec5c8830777" integrity sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c= +typescript@^3.4.5: + version "3.9.10" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-3.9.10.tgz#70f3910ac7a51ed6bef79da7800690b19bf778b8" + integrity sha512-w6fIxVE/H1PkLKcCPsFqKE7Kv7QUwhU8qQY2MueZXWx5cPZdwFupLgKK3vntcK98BtNHZtAF4LA/yl2a7k8R6Q== + ua-parser-js@^0.7.18: version "0.7.19" resolved "https://registry.yarnpkg.com/ua-parser-js/-/ua-parser-js-0.7.19.tgz#94151be4c0a7fb1d001af7022fdaca4642659e4b"