diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..a8658c2 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - java > async > lodash: + patched: '2022-09-30T14:27:18.123Z' diff --git a/package.json b/package.json index 8e3c67e..c4fc31b 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,9 @@ "scripts": { "test": "jest --detectOpenHandles --forceExit", "compile": "./node_modules/.bin/babel -d ./ src/", - "jsdoc": "rm -rf docs/* && ./node_modules/jsdoc/jsdoc.js -c .jsdoc.json && git add docs/*" + "jsdoc": "rm -rf docs/* && ./node_modules/jsdoc/jsdoc.js -c .jsdoc.json && git add docs/*", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "licenses": [ { @@ -46,10 +48,11 @@ "@babel/polyfill": "^7.7.0", "core-js": "2", "global": "^4.4.0", - "java": "^0.12.0", + "java": "^5.0.0", "node-java-maven": "^0.1.1", "request": "^2.88.0", - "underscore": "^1.9.1" + "underscore": "^1.9.1", + "@snyk/protect": "latest" }, "devDependencies": { "@babel/cli": "^7.7.5", @@ -66,5 +69,6 @@ "jsdoc": "^3.6.3", "regenerator-runtime": "^0.13.3", "should": "^13.2.3" - } + }, + "snyk": true } diff --git a/yarn.lock b/yarn.lock index 55abd7d..e35d509 100644 --- a/yarn.lock +++ b/yarn.lock @@ -969,6 +969,11 @@ "@types/istanbul-reports" "^1.1.1" "@types/yargs" "^13.0.0" +"@snyk/protect@^1.1018.0": + version "1.1018.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1018.0.tgz#5b56cd56da83a23c956831058ea6734ab6e99de5" + integrity sha512-8sNmN+lJbCpcoi4XDpmZ+LPUlXST7GhFt1x6C3INBai1y+Ho4R5sqBFMj0UkmnoFDeje82sh3Se/brW5SFTcbA== + "@tootallnate/once@1": version "1.1.2" resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82" @@ -1203,12 +1208,10 @@ async-limiter@~1.0.0: resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.1.tgz#dd379e94f0db8310b08291f9d64c3209766617fd" integrity sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ== -async@2.6.1: - version "2.6.1" - resolved "https://registry.yarnpkg.com/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610" - integrity sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ== - dependencies: - lodash "^4.17.10" +async@0.9.0: + version "0.9.0" + resolved "https://registry.yarnpkg.com/async/-/async-0.9.0.tgz#ac3613b1da9bed1b47510bb4651b8931e47146c7" + integrity sha512-XQJ3MipmCHAIBBMFfu2jaSetneOrXbSyyqeU3Nod867oNOpS+i9FEms5PWgjMxSgBybRf2IVVLtr1YfrDO+okg== async@^0.9.0: version "0.9.2" @@ -1447,7 +1450,7 @@ bluebird@^3.7.2: resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f" integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg== -brace-expansion@^1.1.7: +brace-expansion@^1.0.0, brace-expansion@^1.1.7: version "1.1.11" resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA== @@ -2070,13 +2073,12 @@ fill-range@^4.0.0: repeat-string "^1.6.1" to-regex-range "^2.1.0" -find-java-home@0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/find-java-home/-/find-java-home-0.2.0.tgz#5c500bbad3018832abb9886f7d0f03f57146cddc" - integrity sha512-nq5PFOHxE1VSEbdDVkLoA2bAcRnG4ETqJO8ipFq3glIWA52hdWCXYX3emuUyMAQfaqFU4Ea85gqcgaPmOApEPA== +find-java-home@0.1.2: + version "0.1.2" + resolved "https://registry.yarnpkg.com/find-java-home/-/find-java-home-0.1.2.tgz#a09980abc584fb0d62f7cfba04a9397dc93316b6" + integrity sha512-fzIuyBzuT1EQ5HqvIY7uMpdkj3NZYVmMO6Qz0zCRmWvBFn/ASsZmk9upYZH79Xy0eA5KHHGJvkh6paTLWV3HHQ== dependencies: which "~1.0.5" - winreg "~1.2.2" find-up@^2.1.0: version "2.1.0" @@ -2178,15 +2180,14 @@ glob-parent@^3.1.0: is-glob "^3.1.0" path-dirname "^1.0.0" -glob@7.1.3: - version "7.1.3" - resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.3.tgz#3960832d3f1574108342dafd3a67b332c0969df1" - integrity sha512-vcfuiIxogLV4DlGBHIUOwI0IbrJ8HWPc4MU7HzviGeNho/UJDfi6B5p3sHeWIQ0KGIU0Jpxi5ZHxemQfLkkAwQ== +glob@5.0.5: + version "5.0.5" + resolved "https://registry.yarnpkg.com/glob/-/glob-5.0.5.tgz#784431e4e29a900ae0d47fba6aa1c7f16a8e7df7" + integrity sha512-n5ttBg32CBaIMp5S+DfcXZN8mxxN66+0HTkTuACRZ5LKJWcqjFQ3H+oKkdGYFfAgkVuMnXazf3c0Ah3fYWc0pQ== dependencies: - fs.realpath "^1.0.0" inflight "^1.0.4" inherits "2" - minimatch "^3.0.4" + minimatch "^2.0.1" once "^1.3.0" path-is-absolute "^1.0.0" @@ -2656,16 +2657,15 @@ istanbul-reports@^2.2.6: dependencies: html-escaper "^2.0.0" -java@^0.12.0: - version "0.12.1" - resolved "https://registry.yarnpkg.com/java/-/java-0.12.1.tgz#9c28fed9b4068faa15e1538f779fb09d8d9b90cf" - integrity sha512-Rll5pmWImAPGmL8R2Cquq5cMtBgFcG6pvYD+/vVuV016oXfsw+jZntLybwLI18xCctDOmd0DjdL+bGh7Sh9Bsw== +java@^5.0.0: + version "5.0.1" + resolved "https://registry.yarnpkg.com/java/-/java-5.0.1.tgz#31b388129dca27863223a4055774c86f66066ca0" + integrity sha512-YWo28EkuyL/OljpOZmkii+v8/luFHW2ve/bZ+aXBWgFLWPR7G5u8p1bSJfVK5s2Vtg/ksDa85Um0QQs5Ciu62A== dependencies: - async "2.6.1" - find-java-home "0.2.0" - glob "7.1.3" - lodash "4.17.14" - nan "2.14.0" + async "0.9.0" + find-java-home "0.1.2" + glob "5.0.5" + nan "1.7.0" jest-changed-files@^24.9.0: version "24.9.0" @@ -3259,12 +3259,7 @@ lodash.sortby@^4.7.0: resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438" integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg= -lodash@4.17.14: - version "4.17.14" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.14.tgz#9ce487ae66c96254fe20b599f21b6816028078ba" - integrity sha512-mmKYbW3GLuJeX+iGP+Y7Gp1AiGHGbXHCOh/jZmrawMmsE7MS4znI3RL2FsjbqOyMayHInjOeykW7PEajUk1/xw== - -lodash@^4.17.10, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.4: +lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.4: version "4.17.15" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548" integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A== @@ -3372,6 +3367,13 @@ min-document@^2.19.0: dependencies: dom-walk "^0.1.0" +minimatch@^2.0.1: + version "2.0.10" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-2.0.10.tgz#8d087c39c6b38c001b97fca7ce6d0e1e80afbac7" + integrity sha512-jQo6o1qSVLEWaw3l+bwYA2X0uLuK2KjNh2wjgO7Q/9UJnXr1Q3yQKR8BI0/Bt/rPg75e6SMW4hW/6cBHVTZUjA== + dependencies: + brace-expansion "^1.0.0" + minimatch@^3.0.4: version "3.0.4" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083" @@ -3414,10 +3416,10 @@ ms@^2.1.1: resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== -nan@2.14.0: - version "2.14.0" - resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.0.tgz#7818f722027b2459a86f0295d434d1fc2336c52c" - integrity sha512-INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg== +nan@1.7.0: + version "1.7.0" + resolved "https://registry.yarnpkg.com/nan/-/nan-1.7.0.tgz#755b997404e83cbe7bc08bc3c5c56291bce87438" + integrity sha512-QOnoQzrbpKmKWwa52gS93mGcIupR2MnlLbV66I5ddxscnyyPpy4is7yE2IG/nNOFHb1DbSYR61wYZEv4ukHdlA== nan@^2.12.1: version "2.14.1" @@ -4766,11 +4768,6 @@ which@~1.0.5: resolved "https://registry.yarnpkg.com/which/-/which-1.0.9.tgz#460c1da0f810103d0321a9b633af9e575e64486f" integrity sha1-RgwdoPgQED0DIam2M6+eV15kSG8= -winreg@~1.2.2: - version "1.2.4" - resolved "https://registry.yarnpkg.com/winreg/-/winreg-1.2.4.tgz#ba065629b7a925130e15779108cf540990e98d1b" - integrity sha1-ugZWKbepJRMOFXeRCM9UCZDpjRs= - word-wrap@~1.2.3: version "1.2.3" resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"