From a15679d2ed1e0af17be5b76ea8b120ba05cb392a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 16 Apr 2024 07:40:07 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:minimatch:20160620
---
 .snyk | 22 ++++++++++++++++++++++
 package.json | 16 ++++++++++------
 2 files changed, 32 insertions(+), 6 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000..225685fddb
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:minimatch:20160620':
+ - jasmine-tagged > jasmine-focused > jasmine-node > gaze > fileset > glob > minimatch:
+ patched: '2024-04-16T07:40:04.101Z'
+ id: 'npm:minimatch:20160620'
+ path: >-
+ jasmine-tagged > jasmine-focused > jasmine-node > gaze > fileset >
+ glob > minimatch
+ - jasmine-tagged > jasmine-focused > jasmine-node > gaze > fileset > minimatch:
+ patched: '2024-04-16T07:40:04.101Z'
+ id: 'npm:minimatch:20160620'
+ path: >-
+ jasmine-tagged > jasmine-focused > jasmine-node > gaze > fileset >
+ minimatch
+ - jasmine-tagged > jasmine-focused > jasmine-node > gaze > minimatch:
+ patched: '2024-04-16T07:40:04.101Z'
+ id: 'npm:minimatch:20160620'
+ path: jasmine-tagged > jasmine-focused > jasmine-node > gaze > minimatch
diff --git a/package.json b/package.json
index 5aac69837a..98a8fd712f 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
 "dependencies": {
 "analytics-node": "2.x.x",
 "async": "^0.9",
- "babel-core": "6.8.0",
+ "babel-core": "6.9.0",
 "babel-preset-electron": "^0.37.8",
 "babel-preset-react": "^6.16.0",
 "babel-regenerator-runtime": "6.5.0",
@@ -44,7 +44,7 @@
 "jasmine-json": "~0.0",
 "jasmine-react-helpers": "^0.2",
 "jasmine-tagged": "^1.1.2",
- "juice": "^1.4",
+ "juice": "^3.0.0",
 "kbpgp": "^2.0.52",
 "keytar": "3.0.0",
 "less-cache": "0.21",
@@ -55,7 +55,7 @@
 "moment-round": "^1.0.1",
 "moment-timezone": "0.5.4",
 "mousetrap": "^1.5.3",
- "nock": "^2",
+ "nock": "^8.0.0",
 "node-emoji": "^1.2.1",
 "node-uuid": "^1.4",
 "nslog": "^3",
@@ -89,7 +89,8 @@
 "tld": "^0.0.2",
 "underscore": "^1.8",
 "underscore.string": "^3.0",
- "windows-shortcuts": "emorikawa/windows-shortcuts#b0a0fc7"
+ "windows-shortcuts": "emorikawa/windows-shortcuts#b0a0fc7",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "flow-bin": "0.33.0",
@@ -110,6 +111,9 @@
 "start": "electron . --dev --enable-logging",
 "lint": "script/grunt lint",
 "build": "script/grunt build",
- "flow": "flow; test $? -eq 0 -o $? -eq 2"
- }
+ "flow": "flow; test $? -eq 0 -o $? -eq 2",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true
 }
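Review bot: The added `"@snyk/protect": "latest"` in the hunk at `-89,7 +89,8` is a floating tag, so each install resolves whichever release is published at that moment, and the final hunk wires this package into a lifecycle script that executes it. Every other entry visible in `dependencies` uses a range, an exact version or a commit ref, and the diffstat lists only `.snyk` and `package.json`, so nothing in this commit records which version was actually reviewed. Pin it like its neighbours, e.g. `"@snyk/protect": "<reviewed exact version>"`, and commit the matching lockfile entry if the project keeps one. The `dependencies` object opens outside this hunk.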
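Review bot: The minimatch patch declared in `.snyk` only takes effect when `snyk-protect` actually runs, and the hunk at `-110,6 +111,9` hangs it on `prepublish`, a lifecycle hook npm has deprecated and whose trigger conditions differ between npm versions and other package managers. An install done with `--ignore-scripts`, or through a bootstrap script that bypasses the hook, would leave the unpatched minimatch in place without any error. Consider `"prepare": "npm run snyk-protect"` instead, and call `npm run snyk-protect` explicitly in the build job so the fix does not depend on hook behaviour. The `scripts` object opens outside this hunk.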