From 7dbe745a03e29c054acdcd18607a5b0d8d36b85f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 Oct 2022 21:22:21 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 12 +++++++++++ package-lock.json | 51 ++++++++++++++++++++++++++++++++++++----------- package.json | 10 +++++++--- 3 files changed, 58 insertions(+), 15 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..8daaf96 --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - go-cli > inquirer > lodash: + patched: '2022-10-07T21:22:14.821Z' + - go-plugin-quiz > inquirer > lodash: + patched: '2022-10-07T21:22:14.821Z' + - go-plugin-quiz > inquirer-autocomplete-prompt > inquirer > lodash: + patched: '2022-10-07T21:22:14.821Z' diff --git a/package-lock.json b/package-lock.json index 5b8d8c5..d95ea34 100644 --- a/package-lock.json +++ b/package-lock.json @@ -38,6 +38,11 @@ "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-1.1.0.tgz", "integrity": "sha512-LAQ1d4OPfSJ/BMbI2DuizmYrrkD9JMaTdi2hQTlI53lQ4kRQPyZQRS4CYQ7O66bnBBnP/oYdRxbk++X0xuFU6A==" }, + "@snyk/protect": { + "version": "1.1025.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1025.0.tgz", + "integrity": "sha512-RK9tY2Aqujv5l9e/5nE4yiTilk8vxyB99VtJJ/6p9TZYhddCVQUUv+PNenhVVO3jkSD8/3gLWbPakIvQsFKynA==" + }, "abab": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.0.tgz", @@ -99,6 +104,7 @@ "resolved": "https://registry.npmjs.org/align-text/-/align-text-0.1.4.tgz", "integrity": "sha1-DNkKVhCT810KmSVsIrcGlDP60Rc=", "dev": true, + "optional": true, "requires": { "kind-of": "^3.0.2", "longest": "^1.0.1", @@ -110,6 +116,7 @@ "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", "dev": true, + "optional": true, "requires": { "is-buffer": "^1.1.5" } @@ -2124,7 +2131,8 @@ "ansi-regex": { "version": "2.1.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "aproba": { "version": "1.2.0", @@ -2145,12 +2153,14 @@ "balanced-match": { "version": "1.0.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "brace-expansion": { "version": "1.1.11", "bundled": true, "dev": true, + "optional": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -2165,17 +2175,20 @@ "code-point-at": { "version": "1.1.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "concat-map": { "version": "0.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "console-control-strings": { "version": "1.1.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "core-util-is": { "version": "1.0.2", @@ -2292,7 +2305,8 @@ "inherits": { "version": "2.0.3", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "ini": { "version": "1.3.5", @@ -2304,6 +2318,7 @@ "version": "1.0.0", "bundled": true, "dev": true, + "optional": true, "requires": { "number-is-nan": "^1.0.0" } @@ -2318,6 +2333,7 @@ "version": "3.0.4", "bundled": true, "dev": true, + "optional": true, "requires": { "brace-expansion": "^1.1.7" } @@ -2325,12 +2341,14 @@ "minimist": { "version": "0.0.8", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "minipass": { "version": "2.2.4", "bundled": true, "dev": true, + "optional": true, "requires": { "safe-buffer": "^5.1.1", "yallist": "^3.0.0" @@ -2349,6 +2367,7 @@ "version": "0.5.1", "bundled": true, "dev": true, + "optional": true, "requires": { "minimist": "0.0.8" } @@ -2429,7 +2448,8 @@ "number-is-nan": { "version": "1.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "object-assign": { "version": "4.1.1", @@ -2441,6 +2461,7 @@ "version": "1.4.0", "bundled": true, "dev": true, + "optional": true, "requires": { "wrappy": "1" } @@ -2526,7 +2547,8 @@ "safe-buffer": { "version": "5.1.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "safer-buffer": { "version": "2.1.2", @@ -2562,6 +2584,7 @@ "version": "1.0.2", "bundled": true, "dev": true, + "optional": true, "requires": { "code-point-at": "^1.0.0", "is-fullwidth-code-point": "^1.0.0", @@ -2581,6 +2604,7 @@ "version": "3.0.1", "bundled": true, "dev": true, + "optional": true, "requires": { "ansi-regex": "^2.0.0" } @@ -2624,12 +2648,14 @@ "wrappy": { "version": "1.0.2", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "yallist": { "version": "3.0.2", "bundled": true, - "dev": true + "dev": true, + "optional": true } } }, @@ -4577,7 +4603,8 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/longest/-/longest-1.0.1.tgz", "integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc=", - "dev": true + "dev": true, + "optional": true }, "loose-envify": { "version": "1.4.0", diff --git a/package.json b/package.json index 3420f28..5b4f302 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,9 @@ "test": "npm run lint && npm run unit", "unit": "jest --coverage", "unit:ci": "jest --coverage --coverageReporters=text-lcov | coveralls", - "unit:watch": "jest --coverage --watchAll" + "unit:watch": "jest --coverage --watchAll", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "engines": { "node": ">=6.4.0" @@ -55,7 +57,8 @@ "go-plugin-cli": "^2.0.0", "go-plugin-fs": "^1.0.2", "go-plugin-quiz": "^4.0.0", - "go-plugin-templates": "^1.0.0" + "go-plugin-templates": "^1.0.0", + "@snyk/protect": "latest" }, "standard": { "globals": [ @@ -64,5 +67,6 @@ "it", "jest" ] - } + }, + "snyk": true }