From 4143ac1a90195c99e63b04c83640cb36e12e49cb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 21:53:48 -0700 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 95d96d7..8d81528 100644 --- a/package.json +++ b/package.json @@ -29,10 +29,13 @@ "portastic": "^1.0.1", "pug": "^2.0.4", "socket.io": "^2.3.0", - "socket.io-client": "^2.3.0" + "socket.io-client": "^2.3.0", + "snyk": "^1.316.1" }, "scripts": { - "test": "node core/main test" + "test": "node core/main test", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "devDependencies": { "@types/async": "^2.4.2", @@ -50,5 +53,6 @@ "istanbul": "^0.4.5", "nyc": "^11.9.0", "source-map-support": "^0.5.16" - } + }, + "snyk": true } From 3f3746d4ef1c3b791aff1575925553a363b67d20 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 21:53:49 -0700 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..963cafc --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - pug > pug-code-gen > constantinople > babel-types > lodash: + patched: '2020-05-01T04:53:46.401Z' + - pug > pug-filters > constantinople > babel-types > lodash: + patched: '2020-05-01T04:53:46.401Z' + - pug > pug-code-gen > pug-attrs > constantinople > babel-types > lodash: + patched: '2020-05-01T04:53:46.401Z'