From ff19e9f0a0ab3f3d14962026eeec27e87be16e49 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 5 Jul 2024 15:46:50 +0000 Subject: [PATCH] fix: standalone-packages/monaco-editor/package.json, standalone-packages/monaco-editor/yarn.lock & standalone-packages/monaco-editor/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- standalone-packages/monaco-editor/.snyk | 10 ++++++++++ standalone-packages/monaco-editor/package.json | 9 +++++++-- standalone-packages/monaco-editor/yarn.lock | 5 +++++ 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 standalone-packages/monaco-editor/.snyk diff --git a/standalone-packages/monaco-editor/.snyk b/standalone-packages/monaco-editor/.snyk new file mode 100644 index 00000000000..a9d42d25237 --- /dev/null +++ b/standalone-packages/monaco-editor/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - typedoc > lodash: + patched: '2024-07-05T15:46:17.993Z' + id: SNYK-JS-LODASH-567746 + path: typedoc > lodash diff --git a/standalone-packages/monaco-editor/package.json b/standalone-packages/monaco-editor/package.json index 4ff733b2a07..02a43b51edb 100644 --- a/standalone-packages/monaco-editor/package.json +++ b/standalone-packages/monaco-editor/package.json @@ -8,7 +8,9 @@ "scripts": { "simpleserver": "gulp simpleserver", "release": "gulp release", - "website": "gulp website" + "website": "gulp website", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "typings": "./esm/vs/editor/editor.api.d.ts", "module": "./esm/vs/editor/editor.main.js", @@ -33,5 +35,8 @@ "uncss": "^0.16.2", "vinyl": "^0.5.3" }, - "dependencies": {} + "dependencies": { + "@snyk/protect": "latest" + }, + "snyk": true } diff --git a/standalone-packages/monaco-editor/yarn.lock b/standalone-packages/monaco-editor/yarn.lock index 97f584884de..f561fb6f119 100644 --- a/standalone-packages/monaco-editor/yarn.lock +++ b/standalone-packages/monaco-editor/yarn.lock @@ -2,6 +2,11 @@ # yarn lockfile v1 +"@snyk/protect@^1.1292.1": + version "1.1292.1" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1292.1.tgz#fe67905a5681828ac315b03e366427405e762157" + integrity sha512-wM/0JGs1PhN30nigmOSfEPge3pyEHBAEN3/5/EoyIPOsUsZl/pKBEb2TwZnYbnfTKQi7CpyOKkVIaw40CBbQVA== + "@types/events@*": version "1.2.0" resolved "https://registry.yarnpkg.com/@types/events/-/events-1.2.0.tgz#81a6731ce4df43619e5c8c945383b3e62a89ea86"