From 1fe22de4d86539190ba989e4133b6e991fcb22ff Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 5 Sep 2024 09:45:46 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970 - https://snyk.io/vuln/SNYK-JS-ES5EXT-6095076 - https://snyk.io/vuln/SNYK-JS-QS-3153490 - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/SNYK-JS-SSRI-1246392 - https://snyk.io/vuln/SNYK-JS-TMPL-1583443 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-INI-1048974 - https://snyk.io/vuln/SNYK-JS-Y18N-1021887 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-REQUEST-3361831 - https://snyk.io/vuln/SNYK-JS-TAR-6476909 - https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 - https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922 - https://snyk.io/vuln/SNYK-JS-JSON5-3182856 - https://snyk.io/vuln/SNYK-JS-TAR-1579147 - https://snyk.io/vuln/SNYK-JS-TAR-1579152 - https://snyk.io/vuln/SNYK-JS-TAR-1579155 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-TAR-1536528 - https://snyk.io/vuln/SNYK-JS-TAR-1536531 - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-FINDPROCESS-1090284 - https://snyk.io/vuln/SNYK-JS-MERGEDEEP-1070277 - https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - 
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 - https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067 - https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595 - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 - https://snyk.io/vuln/SNYK-JS-PROMPTS-1729737 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118 - https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-TERSER-2806366 - https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088 - https://snyk.io/vuln/SNYK-JS-TAR-1536758 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 14 +++++++++++++
 package.json | 56 ++++++++++++++++++++++++++++------------------------
 2 files changed, 44 insertions(+), 26 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000000..0c3acd7b9ada
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - '@babel/preset-env > @babel/plugin-proposal-async-generator-functions > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash':
+ patched: '2024-09-05T09:45:38.935Z'
+ id: SNYK-JS-LODASH-567746
+ path: >-
+ @babel/preset-env > @babel/plugin-proposal-async-generator-functions >
+ @babel/helper-remap-async-to-generator > @babel/helper-wrap-function >
+ @babel/traverse > @babel/helper-function-name >
+ @babel/helper-get-function-arity > @babel/types > lodash
diff --git a/package.json b/package.json
index bbc0fa04e0bb..b1d10a2fd880 100644
--- a/package.json
+++ b/package.json
@@ -9,19 +9,19 @@
 },
 "license": "(MIT AND CC-BY-4.0)",
 "dependencies": {
- "@babel/core": "^7.8.3",
- "@babel/plugin-transform-runtime": "^7.11.0",
- "@babel/preset-env": "^7.8.4",
+ "@babel/core": "^7.23.2",
+ "@babel/plugin-transform-runtime": "^7.12.10",
+ "@babel/preset-env": "^7.22.6",
 "@babel/runtime": "^7.11.2",
 "@github-docs/data-directory": "^1.2.0",
 "@github-docs/frontmatter": "^1.3.1",
 "@github-docs/render-content": "^5.2.0",
 "@github/rest-api-operations": "^3.3.2",
- "@octokit/rest": "^16.38.1",
+ "@octokit/rest": "^17.0.0",
 "@primer/css": "^15.1.0",
 "@primer/octicons": "^11.0.0",
- "algoliasearch": "^3.35.1",
- "babel-loader": "^8.1.0",
+ "algoliasearch": "^4.0.0",
+ "babel-loader": "^9.1.3",
 "browser-date-formatter": "^3.0.3",
 "change-case": "^3.1.0",
 "cheerio": "^1.0.0-rc.3",
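Review bot: Several entries in the `@@ -9,19 +9,19 @@` hunk cross a major version (`"@octokit/rest": "^17.0.0"`, `"algoliasearch": "^4.0.0"`, `"babel-loader": "^9.1.3"`), and the hunks at `-29,17`, `-52,7`, `-60,18` and `-96,29` do the same (`got` 9 to 12, `copy-webpack-plugin` 6 to 10, `jest` 26 to 29, `website-scraper` 4 to 5, among others), so this is not a drop-in security patch. The `engines` context line in a later hunk still reads `"node": "12 - 14"`, while `got` 12, `jest` 29 and `babel-loader` 9 each need a Node release newer than 12, and `got` 12 and `website-scraper` 5 are ESM-only, which would break any `require()` callers. I would land each major bump separately with its migration and a green test run, or raise the `engines` range in the same change. The diffstat lists only `.snyk` and `package.json`, so no lockfile records which versions these ranges actually resolve to.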
@@ -29,17 +29,17 @@
 "compression": "^1.7.4",
 "connect-slashes": "^1.4.0",
 "cookie-parser": "^1.4.5",
- "copy-webpack-plugin": "^6.0.3",
+ "copy-webpack-plugin": "^10.0.0",
 "cors": "^2.8.5",
 "cross-env": "^7.0.2",
- "css-loader": "^4.0.0",
+ "css-loader": "^6.9.0",
 "csurf": "^1.11.0",
 "dotenv": "^8.2.0",
 "express": "^4.17.1",
 "express-rate-limit": "^5.1.3",
 "flat": "^5.0.0",
 "github-slugger": "^1.2.1",
- "got": "^9.6.0",
+ "got": "^12.6.0",
 "gray-matter": "^4.0.1",
 "helmet": "^3.21.2",
 "html-entities": "^1.2.1",
@@ -52,7 +52,7 @@
 "lil-env-thing": "^1.0.0",
 "liquid": "^5.1.0",
 "lodash": "^4.17.21",
- "mini-css-extract-plugin": "^0.9.0",
+ "mini-css-extract-plugin": "^2.0.0",
 "mkdirp": "^1.0.3",
 "morgan": "^1.9.1",
 "node-fetch": "^2.6.1",
@@ -60,18 +60,19 @@
 "port-used": "^2.0.8",
 "querystring": "^0.2.0",
 "readline-sync": "^1.4.10",
- "resolve-url-loader": "^3.1.2",
+ "resolve-url-loader": "^4.0.0",
 "rimraf": "^3.0.0",
 "sass": "^1.26.3",
- "sass-loader": "^9.0.2",
+ "sass-loader": "^11.0.0",
 "search-with-your-keyboard": "1.1.0",
 "semver": "^5.7.1",
 "slash": "^3.0.0",
- "style-loader": "^1.2.1",
+ "style-loader": "^3.0.0",
 "uuid": "^8.3.0",
 "walk-sync": "^1.1.4",
- "webpack": "^5.0.0",
- "webpack-cli": "^3.3.12"
+ "webpack": "^5.79.0",
+ "webpack-cli": "^4.0.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "ajv": "^6.11.0",
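Review bot: `"@snyk/protect": "latest"` at the end of the `@@ -60,18 +60,19 @@` hunk is an unpinned dist-tag, so each fresh install can resolve to a different release of a tool that rewrites files under `node_modules`. That is a supply-chain exposure in a commit meant to reduce risk, and it makes builds non-reproducible. Pin it to a reviewed range, for example `"@snyk/protect": "^<REVIEWED_VERSION>"` (placeholder; the patch names no version), and commit a lockfile so the resolved version and integrity hash are recorded.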
@@ -96,29 +97,29 @@
 "husky": "^4.2.1",
 "image-size": "^0.7.4",
 "japanese-characters": "^1.1.0",
- "jest": "^26.0.1",
+ "jest": "^29.7.0",
 "jest-expect-message": "^1.0.2",
 "jest-github-actions-reporter": "^1.0.2",
- "jest-puppeteer": "^4.4.0",
- "jest-silent-reporter": "^0.2.1",
+ "jest-puppeteer": "^8.0.0",
+ "jest-silent-reporter": "^0.3.0",
 "jest-slow-test-reporter": "^1.0.0",
 "make-promises-safe": "^5.1.0",
 "mime": "^2.4.4",
 "mock-express-response": "^0.2.2",
 "nock": "^13.0.4",
- "nodemon": "^2.0.4",
+ "nodemon": "^3.0.0",
 "npm-merge-driver-install": "^2.0.0",
 "object-hash": "^2.0.1",
- "pa11y-ci": "^2.4.0",
+ "pa11y-ci": "^3.1.0",
 "puppeteer": "^2.1.1",
 "replace": "^1.2.0",
 "revalidator": "^0.3.1",
 "robots-parser": "^2.1.1",
- "standard": "^14.3.1",
- "start-server-and-test": "^1.11.3",
+ "standard": "^17.1.0",
+ "start-server-and-test": "^1.15.3",
 "supertest": "^4.0.2",
- "webpack-dev-middleware": "^3.7.2",
- "website-scraper": "^4.2.0"
+ "webpack-dev-middleware": "^4.0.0",
+ "website-scraper": "^5.0.0"
 },
 "scripts": {
 "start": "cross-env NODE_ENV=development ENABLED_LANGUAGES='en,ja' nodemon server.js",
@@ -139,7 +140,9 @@
 "check-deps": "node script/check-deps.js",
 "prevent-pushes-to-main": "node script/prevent-pushes-to-main.js",
 "pa11y-ci": "pa11y-ci",
- "pa11y-test": "start-server-and-test browser-test-server 4001 pa11y-ci"
+ "pa11y-test": "start-server-and-test browser-test-server 4001 pa11y-ci",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "engines": {
 "node": "12 - 14"
@@ -157,5 +160,6 @@
 "pre-commit": "node script/prevent-translation-commits.js",
 "pre-push": "npm run prevent-pushes-to-main"
 }
- }
+ },
+ "snyk": true
 }
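Review bot: The `"prepublish": "npm run snyk-protect"` line added in the `@@ -139,7 +140,9 @@` hunk uses the deprecated lifecycle name, whose behaviour differs between npm versions: npm 7 and later run it on `npm install` and `npm ci` but not on `npm publish`. I would use `"prepare": "npm run snyk-protect"` so the patch step runs consistently after install. Installs run with `--ignore-scripts` skip the hook entirely, so the lodash patch declared in `.snyk` would silently not be applied there. A CI step that runs `npm run snyk-protect` explicitly and fails on error would make that visible.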