From 3df57727edf3727ae7da0faa18a415ddfc137ed4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 Dec 2023 04:47:56 +0000 Subject: [PATCH] fix: packages/snyk-protect/test/fixtures/no-snyk-file/package.json & packages/snyk-protect/test/fixtures/no-snyk-file/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/snyk-protect/test/fixtures/no-snyk-file/.snyk | 10 ++++++++++ .../test/fixtures/no-snyk-file/package.json | 10 ++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 packages/snyk-protect/test/fixtures/no-snyk-file/.snyk diff --git a/packages/snyk-protect/test/fixtures/no-snyk-file/.snyk b/packages/snyk-protect/test/fixtures/no-snyk-file/.snyk new file mode 100644 index 0000000000..10fa5b9988 --- /dev/null +++ b/packages/snyk-protect/test/fixtures/no-snyk-file/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - tap > nyc > istanbul-lib-instrument > babel-types > lodash: + patched: '2023-12-01T04:47:54.323Z' + id: SNYK-JS-LODASH-567746 + path: tap > nyc > istanbul-lib-instrument > babel-types > lodash diff --git a/packages/snyk-protect/test/fixtures/no-snyk-file/package.json b/packages/snyk-protect/test/fixtures/no-snyk-file/package.json index 3ae64c45f8..0316df88b7 100644 --- a/packages/snyk-protect/test/fixtures/no-snyk-file/package.json +++ b/packages/snyk-protect/test/fixtures/no-snyk-file/package.json @@ -7,7 +7,13 @@ "url": "https://github.com/Snyk/snyk-todo-list-demo-app/" }, "dependencies": { - "tap": "11.1.3" + "tap": "11.1.3", + "@snyk/protect": "latest" }, - "license": "Apache-2.0" + "license": "Apache-2.0", + "scripts": { + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true }