From cbf2adc313b91003fc81fada8b7fe07c47d76b94 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 26 Mar 2022 02:37:34 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 14 ++++++++++++++
 package-lock.json | 13 +++++++++----
 package.json | 12 ++++++++----
 3 files changed, 31 insertions(+), 8 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..e75dfb5
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - tc-bus-api-wrapper > lodash:
+ patched: '2022-03-26T02:37:27.996Z'
+ - tc-core-library-js > lodash:
+ patched: '2022-03-26T02:37:27.996Z'
+ - tc-bus-api-wrapper > tc-core-library-js > lodash:
+ patched: '2022-03-26T02:37:27.996Z'
+ - winston > async > lodash:
+ patched: '2022-03-26T02:37:27.996Z'
diff --git a/package-lock.json b/package-lock.json
index a82e77e..d7107db 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -66,6 +66,11 @@ "integrity": "sha512-9NET910DNaIPngYnLLPeg+Ogzqsi9uM4mSboU5y6p8S5DzMTVEsJZrawi+BoDNUVBa2DhJqQYUFvMDfgU062LQ==", "dev": true }, + "@snyk/protect": { + "version": "1.883.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz", + "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==" + }, "@szmarczak/http-timer": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-1.1.2.tgz",
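Review bot: The `patch:` block in `.snyk` records when each lodash path was patched but not when the entries can be dropped. The four transitive paths (`tc-bus-api-wrapper > lodash`, `tc-core-library-js > lodash`, `tc-bus-api-wrapper > tc-core-library-js > lodash`, `winston > async > lodash`) are modified in place under `node_modules`, not upgraded. After `snyk-protect` runs, the `integrity` hashes in `package-lock.json` presumably no longer describe those lodash files on disk, which matters to anyone auditing the install. I would add a comment above `patch:`, such as `# Stopgap for transitive lodash only: remove each path once its parent resolves lodash >= 4.17.20`. That assumes 4.17.20 is the first fixed release, as the direct bump in package.json suggests.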
@@ -2416,9 +2421,9 @@ } }, "lodash": { - "version": "4.17.19", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", + "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==" }, "lodash.clonedeep": { "version": "4.5.0",
@@ -3913,7 +3918,7 @@ }, "tc-core-library-js": { "version": "github:appirio-tech/tc-core-library-js#d16413db30b1eed21c0cf426e185bedb2329ddab", - "from": "github:appirio-tech/tc-core-library-js#v2.6", + "from": "github:appirio-tech/tc-core-library-js#d16413db30b1eed21c0cf426e185bedb2329ddab", "requires": { "auth0-js": "^9.4.2", "axios": "^0.12.0",
diff --git a/package.json b/package.json
index 3c558e1..6d9e8d5 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,9 @@
 "start": "node app.js",
 "dev": "nodemon app.js",
 "lint": "standard",
- "lint:fix": "standard --fix"
+ "lint:fix": "standard --fix",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "author": "Topcoder",
 "devDependencies": {
@@ -24,7 +26,7 @@
 "http-status-codes": "^1.4.0",
 "joi": "^14.0.0",
 "jsonwebtoken": "^8.5.1",
- "lodash": "^4.17.19",
+ "lodash": "^4.17.20",
 "morgan": "^1.7.0",
 "neo4j-driver": "^4.0.2",
 "swagger-ui-express": "^4.1.5",
@@ -33,6 +35,8 @@
 "uuid": "^3.3.3",
 "uuid-validate": "0.0.3",
 "winston": "^3.2.1",
- "yamljs": "^0.3.0"
- }
+ "yamljs": "^0.3.0",
+ "@snyk/protect": "latest"
+ },
+ "snyk": true
 }
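Review bot: The new `"prepare": "npm run snyk-protect"` script is the only thing that applies the `.snyk` patches, so any install that skips lifecycle scripts (`--ignore-scripts`, or `ignore-scripts=true` in `.npmrc`) leaves the transitive lodash copies unpatched with no error. If the build or deploy pipeline disables scripts as a hardening measure, it needs an explicit `npm run snyk-protect` step after install, and a non-zero exit from that step should fail the build. JSON cannot carry a comment, so the requirement belongs in the README or the pipeline definition. The `scripts` object opens outside this hunk.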
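Review bot: In the last package.json hunk, `"@snyk/protect": "latest"` leaves unpinned a tool that runs on every `prepare` and rewrites files under `node_modules`. The lockfile currently resolves it to 1.883.0, but an install without the lockfile, or a lockfile regeneration, takes whatever is published under the `latest` tag at that moment. I would pin it to what the lockfile records, `"@snyk/protect": "1.883.0"` (or `"^1.883.0"` if minor updates are acceptable), so that changes to code executed at install time arrive as reviewed diffs. The `dependencies` object opens outside this hunk.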