From 3c81fd86bf1e1046cb12b5b0a2e8581371becce2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 10 Aug 2024 22:32:15 +0000 Subject: [PATCH] fix: packages/react-devtools/package.json & packages/react-devtools/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELECTRON-2805803 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1257943 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1085705 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1088600 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1252279 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1312314 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1313765 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1534883 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1656743 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1910985 - https://snyk.io/vuln/SNYK-JS-ELECTRON-3014411 - https://snyk.io/vuln/SNYK-JS-ELECTRON-3091122 - https://snyk.io/vuln/SNYK-JS-ELECTRON-6179663 - https://snyk.io/vuln/SNYK-JS-ELECTRON-2946881 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1911949 - https://snyk.io/vuln/SNYK-JS-ELECTRON-2414027 - https://snyk.io/vuln/SNYK-JS-ELECTRON-2322001 - https://snyk.io/vuln/SNYK-JS-ELECTRON-2434822 - https://snyk.io/vuln/SNYK-JS-ELECTRON-5923343 - https://snyk.io/vuln/SNYK-JS-ELECTRON-6137744 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1296559 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1536581 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1912085 - https://snyk.io/vuln/SNYK-JS-ELECTRON-6173171 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1070013 - https://snyk.io/vuln/SNYK-JS-ELECTRON-1315668 - https://snyk.io/vuln/SNYK-JS-ELECTRON-2332173 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/react-devtools/.snyk | 10 ++++++++++ packages/react-devtools/package.json | 12 ++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 packages/react-devtools/.snyk diff --git a/packages/react-devtools/.snyk b/packages/react-devtools/.snyk new file mode 100644 index 0000000000000..34168711d4a74 --- /dev/null +++ b/packages/react-devtools/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - electron > @electron/get > global-tunnel-ng > lodash: + patched: '2024-08-10T22:32:12.706Z' + id: SNYK-JS-LODASH-567746 + path: electron > @electron/get > global-tunnel-ng > lodash diff --git a/packages/react-devtools/package.json b/packages/react-devtools/package.json index d866ead7dc5a5..1c202a3c0579b 100644 --- a/packages/react-devtools/package.json +++ b/packages/react-devtools/package.json @@ -19,14 +19,18 @@ "icons" ], "scripts": { - "start": "node bin.js" + "start": "node bin.js", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "dependencies": { "cross-spawn": "^5.0.1", - "electron": "^11.1.0", + "electron": "^26.6.7", "ip": "^1.1.4", "minimist": "^1.2.3", "react-devtools-core": "4.27.1", - "update-notifier": "^2.1.0" - } + "update-notifier": "^2.1.0", + "@snyk/protect": "latest" + }, + "snyk": true }