diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..8f37c21 --- /dev/null +++ b/.snyk @@ -0,0 +1,47 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-AXIOS-174505: + - axios: + patched: '2022-01-17T15:41:52.942Z' + SNYK-JS-LODASH-567746: + - lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > @babel/core > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > eslint > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > eslint-plugin-flowtype > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > eslint-plugin-import > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > html-webpack-plugin > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > webpack-manifest-plugin > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > @svgr/webpack > @babel/core > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > babel-eslint > @babel/traverse > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > eslint > inquirer > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > eslint > table > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > webpack-dev-server > http-proxy-middleware > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > babel-preset-react-app > @babel/plugin-transform-classes > @babel/helper-define-map > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-modules-amd > @babel/helper-module-transforms > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > babel-preset-react-app > @babel/preset-env > @babel/plugin-transform-modules-commonjs > @babel/helper-module-transforms > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > jest-environment-jsdom-fourteen > jsdom > request-promise-native > request-promise-core > lodash: + patched: '2022-01-17T15:41:52.942Z' + - react-scripts > jest > jest-cli > @jest/core > @jest/reporters > istanbul-api > async > lodash: + patched: '2022-01-17T15:41:52.942Z' diff --git a/package-lock.json b/package-lock.json index 86e8818..ce3678c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3229,6 +3229,11 @@ "uuid": "^3.1.0" } }, + "@snyk/protect": { + "version": "1.831.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.831.0.tgz", + "integrity": "sha512-za7rvnHvnjGQwd60fYu3NopU9SCelSKrAUJNA4nVUgjdbkn+HA+cfvYo5DeU6QI5RpzTNCWJdJ26FkxXFEJ3bQ==" + }, "@storybook/addon-actions": { "version": "5.0.11", "resolved": "https://repo.forge.lmig.com/api/npm/npm/@storybook/addon-actions/-/addon-actions-5.0.11.tgz", diff --git a/package.json b/package.json index c611052..1178ed7 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,9 @@ "coverage": "npm run unit -- --coverage", "eject": "react-scripts eject", "storybook": "start-storybook -p 9009 -s public", - "build-storybook": "build-storybook -s public" + "build-storybook": "build-storybook -s public", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "dependencies": { "@material-ui/core": "^3.9.3", @@ -31,7 +33,8 @@ "react-number-format": "^4.0.7", "react-router": "^5.0.0", "react-router-dom": "^5.0.0", - "react-scripts": "^3.0.0" + "react-scripts": "^3.0.0", + "@snyk/protect": "latest" }, "devDependencies": { "@babel/core": "^7.4.4", @@ -87,5 +90,6 @@ "not dead", "not ie <= 11", "not op_mini all" - ] + ], + "snyk": true }