From 27d36e43f1f4004f6677b44e592f525f689ae09b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 09:41:24 +0800 Subject: [PATCH 1/2] fix: packages/@vue/cli-test-utils/package.json & packages/@vue/cli-test-utils/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/@vue/cli-test-utils/package.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/packages/@vue/cli-test-utils/package.json b/packages/@vue/cli-test-utils/package.json index 44dc48696f..f32b9bd8ed 100644 --- a/packages/@vue/cli-test-utils/package.json +++ b/packages/@vue/cli-test-utils/package.json @@ -24,6 +24,12 @@ "execa": "^0.10.0", "json-server": "^0.12.2", "puppeteer": "^1.0.0", - "strip-ansi": "^3.0.0" - } + "strip-ansi": "^3.0.0", + "snyk": "^1.316.1" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From fde7bbd0d92174eba1e8e8498cf3f334dc7531eb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 09:41:25 +0800 Subject: [PATCH 2/2] fix: packages/@vue/cli-test-utils/package.json & packages/@vue/cli-test-utils/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/@vue/cli-test-utils/.snyk | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 packages/@vue/cli-test-utils/.snyk diff --git a/packages/@vue/cli-test-utils/.snyk b/packages/@vue/cli-test-utils/.snyk new file mode 100644 index 0000000000..2a434cbed2 --- /dev/null +++ b/packages/@vue/cli-test-utils/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - json-server > lodash: + patched: '2020-05-01T01:41:22.162Z' + - json-server > lowdb > lodash: + patched: '2020-05-01T01:41:22.162Z'