From 23b24feb3cb38b3cc23456d49727fbaa51860a3e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 5 Apr 2021 05:55:31 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700 - https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889 - https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-JQUERY-174006 - https://snyk.io/vuln/SNYK-JS-JQUERY-565129 - https://snyk.io/vuln/SNYK-JS-JQUERY-567880 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-590103 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-NODESASS-535499 - https://snyk.io/vuln/SNYK-JS-NODESASS-535501 - https://snyk.io/vuln/SNYK-JS-NODESASS-535503 - https://snyk.io/vuln/SNYK-JS-NODESASS-535504 - https://snyk.io/vuln/SNYK-JS-NODESASS-535505 - https://snyk.io/vuln/SNYK-JS-NODESASS-540960 - https://snyk.io/vuln/SNYK-JS-NODESASS-540962 - https://snyk.io/vuln/SNYK-JS-NODESASS-540966 - https://snyk.io/vuln/SNYK-JS-NODESASS-540968 - https://snyk.io/vuln/SNYK-JS-NODESASS-540970 - https://snyk.io/vuln/SNYK-JS-NODESASS-540972 - https://snyk.io/vuln/SNYK-JS-NODESASS-540974 - https://snyk.io/vuln/SNYK-JS-NODESASS-540982 - https://snyk.io/vuln/SNYK-JS-NODESASS-540984 - https://snyk.io/vuln/SNYK-JS-NODESASS-540986 - https://snyk.io/vuln/SNYK-JS-NODESASS-540988 - https://snyk.io/vuln/SNYK-JS-NODESASS-542662 - https://snyk.io/vuln/npm:bootstrap:20160627 - https://snyk.io/vuln/npm:bootstrap:20180529 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:jquery:20150627 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:qs:20170213 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620 --- .snyk | 8 ++++++++ package.json | 22 ++++++++++++++-------- 2 files changed, 22 insertions(+), 8 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..3c15129 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.19.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:minimatch:20160620': + - uport-lib > uport-persona > blockstack-profiles > hasprop > tape > glob > minimatch: + patched: '2021-04-05T05:55:28.425Z' diff --git a/package.json b/package.json index fbc19a0..c082713 100644 --- a/package.json +++ b/package.json @@ -9,18 +9,18 @@ "babel-preset-es2015": "^6.3.13", "babel-preset-react": "^6.3.13", "bluebird": "^3.1.5", - "bootstrap": "3.3.6", + "bootstrap": "3.4.1", "bootstrap-webpack": "0.0.5", - "copy-webpack-plugin": "^1.1.1", - "css-loader": "^0.23.1", + "copy-webpack-plugin": "^2.0.0", + "css-loader": "^1.0.0", "ether-pudding": "^2.0.0", "extract-text-webpack-plugin": "^1.0.1", "font-awesome": "4.5.0", - "history": "1.13.x", + "history": "1.14.0", "imports-loader": "^0.6.5", - "jquery": "1.11.3", + "jquery": "3.5.0", "json-loader": "^0.5.4", - "node-sass": "^3.4.2", + "node-sass": "^4.13.1", "react": "^0.14.3", "react-dom": "^0.14.3", "react-mixin": "^3.0.5", @@ -30,7 +30,8 @@ "style-loader": "^0.13.0", "uport-lib": "^1.3.1", "web3": "0.16.0", - "webpack": "^1.12.12" + "webpack": "^2.2.0", + "snyk": "^1.522.0" }, "devDependencies": { "async": "*", @@ -52,5 +53,10 @@ "email": "simon@delarouviere.com", "url": "https://github.com/simondlr" } - ] + ], + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }