From a9505a217848d1d888fd806f0bddb9514f7fd9b1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 15 Jun 2024 18:13:01 +0000 Subject: [PATCH] fix: deps/npm/node_modules/promise-all-reject-late/package.json & deps/npm/node_modules/promise-all-reject-late/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- deps/npm/node_modules/promise-all-reject-late/.snyk | 10 ++++++++++ .../node_modules/promise-all-reject-late/package.json | 8 +++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 deps/npm/node_modules/promise-all-reject-late/.snyk diff --git a/deps/npm/node_modules/promise-all-reject-late/.snyk b/deps/npm/node_modules/promise-all-reject-late/.snyk new file mode 100644 index 00000000000000..14b6fea2a6d847 --- /dev/null +++ b/deps/npm/node_modules/promise-all-reject-late/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - tap > import-jsx > @babel/core > lodash: + patched: '2024-06-15T18:12:59.309Z' + id: SNYK-JS-LODASH-567746 + path: tap > import-jsx > @babel/core > lodash diff --git a/deps/npm/node_modules/promise-all-reject-late/package.json b/deps/npm/node_modules/promise-all-reject-late/package.json index 5e82f6a3da58c4..337495e960f901 100644 --- a/deps/npm/node_modules/promise-all-reject-late/package.json +++ b/deps/npm/node_modules/promise-all-reject-late/package.json @@ -8,7 +8,9 @@ "test": "tap", "preversion": "npm test", "postversion": "npm publish", - "prepublishOnly": "git push origin --follow-tags" + "prepublishOnly": "git push origin --follow-tags", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "tap": { "check-coverage": true @@ -18,5 +20,9 @@ }, "funding": { "url": "https://github.com/sponsors/isaacs" + }, + "snyk": true, + "dependencies": { + "@snyk/protect": "latest" } }