From c7658880f0ec1bcc910cfc2d6baba8cb9b98b7cd Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 27 Oct 2022 08:20:53 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-TREEKILL-536781
---
 .snyk | 8 ++++++++
 package-lock.json | 45 ++++++++++++++++++++++++++-------------------
 package.json | 10 +++++++---
 3 files changed, 41 insertions(+), 22 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000..0605fb65266
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-TREEKILL-536781:
+ - github > tree-kill:
+ patched: '2022-10-27T08:20:46.133Z'
diff --git a/package-lock.json b/package-lock.json
index 4a8510da072..d99bd5c2096 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1506,6 +1506,11 @@
 }
 }
 },
+ "@snyk/protect": {
+ "version": "1.1042.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1042.0.tgz",
+ "integrity": "sha512-D2UxjjOAtL1QP7HQcHO2aaTeyP2OyVKrQntj8U/pkWl9QfaOgbTog470QtW9OkZ/3B1+JWjg9tF/dMEs2GzGpQ=="
+ },
 "@types/node": {
 "version": "11.13.7",
 "resolved": "https://registry.npmjs.org/@types/node/-/node-11.13.7.tgz",
@@ -1534,11 +1539,11 @@
 "dependencies": {
 "etch": {
 "version": "0.9.0",
- "bundled": true
+ "resolved": false
 },
 "semver": {
 "version": "5.5.1",
- "bundled": true
+ "resolved": false
 }
 }
 },
@@ -1824,11 +1829,11 @@
 "dependencies": {
 "underscore": {
 "version": "1.9.1",
- "bundled": true
+ "resolved": false
 },
 "underscore-plus": {
 "version": "1.7.0",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "underscore": "^1.9.1"
 }
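Review bot: The patch entry in the new `.snyk` file is keyed to the single dependency path `github > tree-kill`, so a copy of tree-kill reached through any other path would stay unpatched; whether such a path exists is not visible in this diff and should be checked against the lockfile. The entry records only a `patched` timestamp, with no reason or follow-up, so I would add a comment above it such as `# temporary: remove once github depends on a tree-kill release that contains the upstream fix`. A patch applied inside node_modules is a stopgap, and the dependency upgrade remains the durable fix.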
@@ -2120,6 +2125,7 @@
 "version": "2.10.1",
 "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz",
 "integrity": "sha1-OciRjO/1eZ+D+UkqhI9iWt0Mdm8=",
+ "optional": true,
 "requires": {
 "hoek": "2.x.x"
 }
@@ -2679,7 +2685,7 @@
 "dependencies": {
 "grim": {
 "version": "2.0.2",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "event-kit": "^2.0.0"
 }
@@ -2832,22 +2838,22 @@
 "dependencies": {
 "etch": {
 "version": "0.9.0",
- "bundled": true
+ "resolved": false
 },
 "grim": {
 "version": "2.0.2",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "event-kit": "^2.0.0"
 }
 },
 "underscore": {
 "version": "1.9.1",
- "bundled": true
+ "resolved": false
 },
 "underscore-plus": {
 "version": "1.7.0",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "underscore": "^1.9.1"
 }
@@ -3184,11 +3190,11 @@
 "dependencies": {
 "underscore": {
 "version": "1.9.1",
- "bundled": true
+ "resolved": false
 },
 "underscore-plus": {
 "version": "1.7.0",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "underscore": "^1.9.1"
 }
@@ -3660,11 +3666,11 @@
 "dependencies": {
 "rimraf": {
 "version": "2.2.8",
- "bundled": true
+ "resolved": false
 },
 "temp": {
 "version": "0.8.3",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "os-tmpdir": "^1.0.0",
 "rimraf": "~2.2.6"
@@ -3867,7 +3873,8 @@
 "hoek": {
 "version": "2.16.3",
 "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz",
- "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0="
+ "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0=",
+ "optional": true
 },
 "home-or-tmp": {
 "version": "1.0.0",
@@ -4136,7 +4143,7 @@
 "resolved": "https://registry.npmjs.org/jasmine-focused/-/jasmine-focused-1.0.7.tgz",
 "integrity": "sha1-uDx1fIAOaOHW78GjoaE/85/23NI=",
 "requires": {
- "jasmine-node": "git+https://github.com/kevinsawicki/jasmine-node.git#81af4f953a2b7dfb5bde8331c05362a4b464c5ef",
+ "jasmine-node": "jasmine-node@git+https://github.com/kevinsawicki/jasmine-node.git#81af4f953a2b7dfb5bde8331c05362a4b464c5ef",
 "underscore-plus": "1.x",
 "walkdir": "0.0.7"
 }
@@ -4719,11 +4726,11 @@
 "dependencies": {
 "underscore": {
 "version": "1.9.1",
- "bundled": true
+ "resolved": false
 },
 "underscore-plus": {
 "version": "1.7.0",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "underscore": "^1.9.1"
 }
@@ -4746,11 +4753,11 @@
 "dependencies": {
 "underscore": {
 "version": "1.9.1",
- "bundled": true
+ "resolved": false
 },
 "underscore-plus": {
 "version": "1.7.0",
- "bundled": true,
+ "resolved": false,
 "requires": {
 "underscore": "^1.9.1"
 }
diff --git a/package.json b/package.json
index bdde1534777..69e35477f9d 100644
--- a/package.json
+++ b/package.json
@@ -167,7 +167,8 @@
 "whitespace": "https://www.atom.io/api/packages/whitespace/versions/0.37.7/tarball",
 "winreg": "^1.2.1",
 "wrap-guide": "https://www.atom.io/api/packages/wrap-guide/versions/0.41.0/tarball",
- "yargs": "^3.23.0"
+ "yargs": "^3.23.0",
+ "@snyk/protect": "latest"
 },
 "packageDependencies": {
 "atom-dark-syntax": "file:./packages/atom-dark-syntax",
@@ -267,7 +268,9 @@
 "private": true,
 "scripts": {
 "preinstall": "node -e 'process.exit(0)'",
- "test": "node script/test"
+ "test": "node script/test",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "standard-engine": "./script/node_modules/standard",
 "standard": {
@@ -281,5 +284,6 @@
 "atom",
 "snapshotResult"
 ]
- }
+ },
+ "snyk": true
 }
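Review bot: `"@snyk/protect": "latest"` in the first package.json hunk is a floating dist-tag, while package-lock.json in this same commit resolves it to 1.1042.0 with an integrity hash. Any regeneration of the lockfile would silently pull whatever is published under `latest` at that moment. Because the package's binary runs at install time (the `prepare` script is added in the next hunk), the manifest should name the locked version: `"@snyk/protect": "1.1042.0"`. The `dependencies` object opens above this hunk, so its other entries are not visible here.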
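Review bot: The `prepare` hook added to `scripts` makes the tree-kill fix depend on lifecycle scripts actually running. An install with scripts disabled, or a build that reuses a pre-populated node_modules, leaves the unpatched code in place without any error. It also means every plain `npm install` executes the `snyk-protect` binary, which modifies files under node_modules. I would keep `"snyk-protect": "snyk-protect"` but call `npm run snyk-protect` as an explicit step in the project's build or CI, where a failure stops the build, instead of through `"prepare": "npm run snyk-protect"`.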