From 03877636cfa20a4291049eb2ac418aeaa5ae5f5f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 03:57:43 +0200 Subject: [PATCH 1/2] fix: packages/frontend/package.json & packages/frontend/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/frontend/package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/frontend/package.json b/packages/frontend/package.json index f1fe71e..f438566 100644 --- a/packages/frontend/package.json +++ b/packages/frontend/package.json @@ -34,7 +34,8 @@ "react-router-dom": "^4.3.1", "uuid": "^3.2.1", "vega-lib": "^4.2.0", - "whatwg-fetch": "3.0.0" + "whatwg-fetch": "3.0.0", + "snyk": "^1.316.1" }, "author": { "name": "Florian Richter" @@ -43,7 +44,9 @@ "start": "parcel public/index.html --no-hmr --log-level 2", "lint": "tslint -p . --fix", "build": "parcel build public/index.html --no-cache --log-level 1", - "clean": "rm -rf build node_modules dist .cache" + "clean": "rm -rf build node_modules dist .cache", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "devDependencies": { "@babel/core": "^7.0.0-0", @@ -71,5 +74,6 @@ }, "sw-precache": { "maximumFileSizeToCacheInBytes": 10485760 - } + }, + "snyk": true } From 2df16e19e87c96a8173e38e3993e3aefea965694 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 03:57:44 +0200 Subject: [PATCH 2/2] fix: packages/frontend/package.json & packages/frontend/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/frontend/.snyk | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 packages/frontend/.snyk diff --git a/packages/frontend/.snyk b/packages/frontend/.snyk new file mode 100644 index 0000000..70f46ab --- /dev/null +++ b/packages/frontend/.snyk @@ -0,0 +1,18 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - antd > lodash: + patched: '2020-05-01T01:57:40.940Z' + - antd > rc-form > lodash: + patched: '2020-05-01T01:57:40.940Z' + - antd > rc-steps > lodash: + patched: '2020-05-01T01:57:40.940Z' + - antd > rc-table > lodash: + patched: '2020-05-01T01:57:40.940Z' + - antd > rc-tabs > lodash: + patched: '2020-05-01T01:57:40.940Z' + - antd > rc-editor-mention > rc-editor-core > lodash: + patched: '2020-05-01T01:57:40.940Z'