From 9917c176fea22c4fd828da32f6ac6b6eaa63ebb4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 26 Mar 2022 02:37:30 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 18 ++++++++++++++++++ package-lock.json | 11 ++++++++--- package.json | 12 ++++++++---- 3 files changed, 34 insertions(+), 7 deletions(-) create mode 100644 .snyk mode change 100755 => 100644 package.json diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..48267b5 --- /dev/null +++ b/.snyk @@ -0,0 +1,18 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - elasticsearch > lodash: + patched: '2022-03-26T02:37:25.106Z' + - tc-core-library-js > lodash: + patched: '2022-03-26T02:37:25.106Z' + - no-kafka > bin-protocol > lodash: + patched: '2022-03-26T02:37:25.106Z' + - no-kafka > nice-simple-logger > lodash: + patched: '2022-03-26T02:37:25.106Z' + - no-kafka > wrr-pool > lodash: + patched: '2022-03-26T02:37:25.106Z' + - winston > async > lodash: + patched: '2022-03-26T02:37:25.106Z' diff --git a/package-lock.json b/package-lock.json index b05627b..c1f66ea 100644 --- a/package-lock.json +++ b/package-lock.json @@ -141,6 +141,11 @@ "to-fast-properties": "^2.0.0" } }, + "@snyk/protect": { + "version": "1.883.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz", + "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==" + }, "@types/bluebird": { "version": "3.5.0", "resolved": "https://registry.npmjs.org/@types/bluebird/-/bluebird-3.5.0.tgz", @@ -2744,9 +2749,9 @@ } }, "lodash": { - "version": "4.17.19", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", + "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==" }, "lodash.clonedeep": { "version": "4.5.0", diff --git a/package.json b/package.json old mode 100755 new mode 100644 index 302796a..5320a63 --- a/package.json +++ b/package.json @@ -12,7 +12,9 @@ "test": "mocha test/unit/*.test.js --timeout 30000 --require test/unit/prepare.js --exit", "e2e": "mocha test/e2e/*.test.js --timeout 30000 --exit", "cov": "nyc --reporter=html --reporter=text mocha test/unit/*.test.js --timeout 30000 --require test/unit/prepare.js --exit", - "cov-e2e": "nyc --reporter=html --reporter=text mocha test/e2e/*.test.js --timeout 30000 --exit" + "cov-e2e": "nyc --reporter=html --reporter=text mocha test/e2e/*.test.js --timeout 30000 --exit", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "author": "TCSCODER", "license": "none", @@ -33,13 +35,14 @@ "get-parameter-names": "^0.3.0", "http-aws-es": "^6.0.0", "joi": "^14.0.0", - "lodash": "^4.17.19", + "lodash": "^4.17.20", "moment": "^2.24.0", "no-kafka": "^3.4.3", "superagent": "^5.1.0", "tc-core-library-js": "appirio-tech/tc-core-library-js.git#v2.6.4", "topcoder-healthcheck-dropin": "^1.0.2", - "winston": "^3.1.0" + "winston": "^3.1.0", + "@snyk/protect": "latest" }, "standard": { "ignore": [ @@ -48,5 +51,6 @@ "env": [ "mocha" ] - } + }, + "snyk": true }