From 819b54de7e23cbbcc49ffdd2134c9ce9cea3b5ec Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 17 Jan 2022 15:30:13 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MERGE-1040469 - https://snyk.io/vuln/SNYK-JS-MERGE-1042987 - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311 - https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960 - https://snyk.io/vuln/npm:base64-url:20180512 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:plist:20180219 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 --- .snyk | 10 ++++++++++ package.json | 32 ++++++++++++++++++-------------- 2 files changed, 28 insertions(+), 14 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000000000..43d4479ca8fc53 --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - plist > xmlbuilder > lodash: + patched: '2022-01-17T15:30:06.708Z' + - xcode > simple-plist > plist > xmlbuilder > lodash: + patched: '2022-01-17T15:30:06.708Z' diff --git a/package.json b/package.json index 4c0373167abe39..15107ab370c746 100644 --- a/package.json +++ b/package.json @@ -109,7 +109,9 @@ "test": "jest", "flow": "flow", "lint": "eslint Examples/ Libraries/", - "start": "/usr/bin/env bash -c './packager/packager.sh \"$@\" || true' --" + "start": "/usr/bin/env bash -c './packager/packager.sh \"$@\" || true' --", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "bin": { "react-native": "local-cli/wrong-react-native.js" @@ -140,12 +142,12 @@ "bser": "^1.0.2", "chalk": "^1.1.1", "commander": "^2.9.0", - "connect": "^2.8.3", + "connect": "^3.6.5", "core-js": "^2.2.2", "debug": "^2.2.0", "denodeify": "^1.2.1", "event-target-shim": "^1.0.5", - "fbjs": "^0.8.5", + "fbjs": "^2.0.0", "fbjs-scripts": "^0.7.0", "fs-extra": "^0.26.2", "glob": "^5.0.15", @@ -154,8 +156,8 @@ "immutable": "~3.7.6", "imurmurhash": "^0.1.4", "inquirer": "^0.12.0", - "jest-haste-map": "18.0.0", - "joi": "^6.6.1", + "jest-haste-map": "24.3.0", + "joi": "^8.1.0", "json-stable-stringify": "^1.0.1", "json5": "^0.4.0", "left-pad": "^1.1.3", @@ -164,11 +166,11 @@ "mime-types": "2.1.11", "minimist": "^1.2.0", "mkdirp": "^0.5.1", - "node-fetch": "^1.3.3", + "node-fetch": "^2.6.1", "npmlog": "^2.0.4", "opn": "^3.0.2", "optimist": "^0.6.1", - "plist": "^1.2.0", + "plist": "^3.0.2", "promise": "^7.1.1", "react-clone-referenced-element": "^1.0.1", "react-timer-mixin": "^0.13.2", @@ -177,22 +179,23 @@ "regenerator-runtime": "^0.9.5", "request": "^2.79.0", "rimraf": "^2.5.4", - "sane": "~1.4.1", + "sane": "~4.0.2", "semver": "^5.0.3", - "shell-quote": "1.6.1", + "shell-quote": "1.7.3", "source-map": "^0.5.6", "stacktrace-parser": "^0.1.3", "temp": "0.8.3", "throat": "^3.0.0", - "uglify-js": "^2.6.2", + "uglify-js": "^3.14.3", "whatwg-fetch": "^1.0.0", "wordwrap": "^1.0.0", "worker-farm": "^1.3.1", "write-file-atomic": "^1.2.0", - "ws": "^1.1.0", - "xcode": "^0.8.9", + "ws": "^5.2.3", + "xcode": "^2.0.0", "xmldoc": "^0.4.0", - "yargs": "^6.4.0" + "yargs": "^6.4.0", + "@snyk/protect": "latest" }, "devDependencies": { "babel-eslint": "^7.1.1", @@ -210,5 +213,6 @@ "react-test-renderer": "~15.4.0-rc.4", "shelljs": "0.6.0", "sinon": "^2.0.0-pre.2" - } + }, + "snyk": true }