From 9786277dbdb9587fedec97a2017809ed332443fd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 02:38:59 -0500 Subject: [PATCH 1/2] fix: packages/extension/package.json & packages/extension/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/extension/package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/extension/package.json b/packages/extension/package.json index 79dfddfa5f7c..df9e7518ad72 100644 --- a/packages/extension/package.json +++ b/packages/extension/package.json @@ -18,7 +18,9 @@ "check-deps": "node ../../scripts/check-deps.js --verbose", "check-deps-pre": "npm run check-deps -- --prescript", "clean": "gulp clean", - "clean-deps": "rm -rf node_modules" + "clean-deps": "rm -rf node_modules", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "files": [ "app", @@ -45,6 +47,8 @@ }, "dependencies": { "bluebird": "3.5.3", - "lodash": "4.17.11" - } + "lodash": "4.17.11", + "snyk": "^1.316.1" + }, + "snyk": true } From c5f074ef0cb3e53d83dd2e957c3e0e070a349e10 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 02:39:00 -0500 Subject: [PATCH 2/2] fix: packages/extension/package.json & packages/extension/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/extension/.snyk | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 packages/extension/.snyk diff --git a/packages/extension/.snyk b/packages/extension/.snyk new file mode 100644 index 000000000000..325abbfdf129 --- /dev/null +++ b/packages/extension/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - lodash: + patched: '2020-05-01T07:38:56.281Z'