From a880875bb46a6cab55369e44d26f55543c3318ad Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 Oct 2022 21:59:39 +0000 Subject: [PATCH] fix: packages/baset-reader-babel/package.json, packages/baset-reader-babel/package-lock.json & packages/baset-reader-babel/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/baset-reader-babel/.snyk | 36 +++++++ packages/baset-reader-babel/package-lock.json | 13 ++- packages/baset-reader-babel/package.json | 95 ++++++++++--------- 3 files changed, 94 insertions(+), 50 deletions(-) create mode 100644 packages/baset-reader-babel/.snyk diff --git a/packages/baset-reader-babel/.snyk b/packages/baset-reader-babel/.snyk new file mode 100644 index 00000000..597685a3 --- /dev/null +++ b/packages/baset-reader-babel/.snyk @@ -0,0 +1,36 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - babel-core > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-generator > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-traverse > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-template > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-register > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-generator > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-traverse > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-template > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-template > babel-traverse > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-helpers > babel-template > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-template > babel-traverse > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-helpers > babel-template > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-helpers > babel-template > babel-traverse > lodash: + patched: '2022-10-07T21:59:27.703Z' + - babel-core > babel-helpers > babel-template > babel-traverse > babel-types > lodash: + patched: '2022-10-07T21:59:27.703Z' diff --git a/packages/baset-reader-babel/package-lock.json b/packages/baset-reader-babel/package-lock.json index 5af7f961..693c458e 100644 --- a/packages/baset-reader-babel/package-lock.json +++ b/packages/baset-reader-babel/package-lock.json @@ -1,9 +1,14 @@ { "name": "baset-reader-babel", - "version": "0.13.7", + "version": "0.14.7", "lockfileVersion": 1, "requires": true, "dependencies": { + "@snyk/protect": { + "version": "1.1025.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1025.0.tgz", + "integrity": "sha512-RK9tY2Aqujv5l9e/5nE4yiTilk8vxyB99VtJJ/6p9TZYhddCVQUUv+PNenhVVO3jkSD8/3gLWbPakIvQsFKynA==" + }, "@types/babel-core": { "version": "6.25.5", "resolved": "https://registry.npmjs.org/@types/babel-core/-/babel-core-6.25.5.tgz", @@ -366,9 +371,9 @@ } }, "lodash": { - "version": "4.17.11", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", - "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "loose-envify": { "version": "1.4.0", diff --git a/packages/baset-reader-babel/package.json b/packages/baset-reader-babel/package.json index ba7818b8..54e29c98 100644 --- a/packages/baset-reader-babel/package.json +++ b/packages/baset-reader-babel/package.json @@ -1,48 +1,51 @@ { - "name": "baset-reader-babel", - "version": "0.14.7", - "description": "Babel reader plugin for BaseT project.", - "keywords": [ - "baset-reader-babel", - "baset-plugin-babel", - "babel", - "ESnext", - "ES6", - "ES2015", - "ES2016", - "baseline", - "unit-test", - "test", - "testing", - "e2e-test" - ], - "author": "Ihor Chulinda ", - "license": "MIT", - "repository": { - "type": "git", - "url": "git@github.com:Igmat/baset.git" - }, - "main": "dist/index.js", - "types": "dist/index.d.ts", - "scripts": { - "build": "npm run tslint && tsc", - "watch": "npm run tslint && tsc -w", - "tslint": "tslint -c tslint.json -p tsconfig.json", - "test": "baset", - "accept": "baset accept", - "doctoc": "doctoc README.md", - "prepublish": "npm run doctoc" - }, - "devDependencies": { - "@types/babel-core": "^6.25.5", - "@types/find-up": "^2.1.1", - "@types/lodash": "^4.14.116", - "@types/node": "^10.10.0" - }, - "dependencies": { - "babel-core": "^6.26.3", - "baset-core": "^0.14.7", - "find-up": "^3.0.0", - "lodash": "^4.17.11" - } + "name": "baset-reader-babel", + "version": "0.14.7", + "description": "Babel reader plugin for BaseT project.", + "keywords": [ + "baset-reader-babel", + "baset-plugin-babel", + "babel", + "ESnext", + "ES6", + "ES2015", + "ES2016", + "baseline", + "unit-test", + "test", + "testing", + "e2e-test" + ], + "author": "Ihor Chulinda ", + "license": "MIT", + "repository": { + "type": "git", + "url": "git@github.com:Igmat/baset.git" + }, + "main": "dist/index.js", + "types": "dist/index.d.ts", + "scripts": { + "build": "npm run tslint && tsc", + "watch": "npm run tslint && tsc -w", + "tslint": "tslint -c tslint.json -p tsconfig.json", + "test": "baset", + "accept": "baset accept", + "doctoc": "doctoc README.md", + "prepublish": "npm run snyk-protect && npm run doctoc", + "snyk-protect": "snyk-protect" + }, + "devDependencies": { + "@types/babel-core": "^6.25.5", + "@types/find-up": "^2.1.1", + "@types/lodash": "^4.14.116", + "@types/node": "^10.10.0" + }, + "dependencies": { + "babel-core": "^6.26.3", + "baset-core": "^0.14.7", + "find-up": "^3.0.0", + "lodash": "^4.17.21", + "@snyk/protect": "latest" + }, + "snyk": true }