diff --git a/.snyk b/.snyk new file mode 100644 index 0000000000..b1696073a3 --- /dev/null +++ b/.snyk @@ -0,0 +1,101 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/register > lodash': + patched: '2022-08-19T17:09:03.943Z' + - babel-plugin-transform-react-jsx-img-import > lodash: + patched: '2022-08-19T17:09:03.943Z' + - eslint > lodash: + patched: '2022-08-19T17:09:03.943Z' + - html-webpack-plugin > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint-scss > lodash: + patched: '2022-08-19T17:09:03.943Z' + - webpack-bundle-analyzer > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-block-scoping > lodash': + patched: '2022-08-19T17:09:03.943Z' + - babel-eslint > @babel/traverse > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @babel/core > lodash: + patched: '2022-08-19T17:09:03.943Z' + - babel-plugin-transform-react-jsx-img-import > babel-types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - eslint > inquirer > lodash: + patched: '2022-08-19T17:09:03.943Z' + - eslint > table > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > table > lodash: + patched: '2022-08-19T17:09:03.943Z' + - htmlhint > async > lodash: + patched: '2022-08-19T17:09:03.943Z' + - htmlhint > jshint > lodash: + patched: '2022-08-19T17:09:03.943Z' + - node-sass > sass-graph > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-reporter > lodash: + patched: '2022-08-19T17:09:03.943Z' + - webpack-dev-server > http-proxy-middleware > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-modules-umd > @babel/helper-module-transforms > lodash': + patched: '2022-08-19T17:09:03.943Z' + - babel-eslint > @babel/traverse > @babel/generator > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-jsx > @babel/core > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @babel/core > @babel/traverse > lodash: + patched: '2022-08-19T17:09:03.943Z' + - jsdom > request-promise-native > request-promise-core > lodash: + patched: '2022-08-19T17:09:03.943Z' + - node-sass > gaze > globule > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-parameters > @babel/helper-call-delegate > @babel/traverse > lodash': + patched: '2022-08-19T17:09:03.943Z' + - babel-eslint > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-jsx > @babel/core > @babel/traverse > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @ava/babel-preset-transform-test-files > babel-plugin-espower > @babel/generator > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @babel/core > @babel/helpers > @babel/traverse > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > lodash': + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @ava/babel-preset-transform-test-files > babel-plugin-espower > @babel/generator > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - babel-eslint > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash': + patched: '2022-08-19T17:09:03.943Z' + - ava > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash': + patched: '2022-08-19T17:09:03.943Z' + - ava > @ava/babel-preset-stage-4 > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash: + patched: '2022-08-19T17:09:03.943Z' + - ava > @ava/babel-preset-stage-4 > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash': + patched: '2022-08-19T17:09:03.943Z' + - ava > @ava/babel-preset-stage-4 > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2022-08-19T17:09:03.943Z' + - node-sass > lodash: + patched: '2022-08-19T17:09:03.943Z' + 'npm:minimatch:20160620': + - spritesheet.js > glob > minimatch: + patched: '2022-08-19T17:09:03.943Z' diff --git a/package.json b/package.json index 09ddb1397f..3d5ce04569 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,9 @@ "stats": "rimraf ./dist && webpack --mode=production --json", "spritesheet": "npm run spritesheet:system-action && npm run spritesheet:system-notice", "spritesheet:system-action": "spritesheet-js -f json -p src/assets/images/spritesheets/ --padding 8 --divisibleByTwo -n sprite-system-action-spritesheet --powerOfTwo src/assets/images/sprites/action/*", - "spritesheet:system-notice": "spritesheet-js -f json -p src/assets/images/spritesheets/ --padding 8 --divisibleByTwo -n sprite-system-notice-spritesheet --powerOfTwo src/assets/images/sprites/notice/*" + "spritesheet:system-notice": "spritesheet-js -f json -p src/assets/images/spritesheets/ --padding 8 --divisibleByTwo -n sprite-system-notice-spritesheet --powerOfTwo src/assets/images/sprites/notice/*", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "ava": { "files": [ @@ -104,7 +106,8 @@ "three-to-ammo": "github:infinitelee/three-to-ammo", "uuid": "^3.2.1", "webrtc-adapter": "^6.0.2", - "zip-loader": "^1.1.0" + "zip-loader": "^1.1.0", + "@snyk/protect": "latest" }, "devDependencies": { "@babel/core": "^7.3.3", @@ -114,14 +117,14 @@ "@babel/preset-env": "^7.3.1", "@babel/preset-react": "^7.0.0", "@babel/register": "^7.0.0", - "ava": "^1.4.1", + "ava": "^4.0.0", "babel-eslint": "^10.0.1", "babel-loader": "^8.0.5", "babel-plugin-react-intl": "^3.0.1", "babel-plugin-transform-react-jsx-img-import": "^0.1.4", - "copy-webpack-plugin": "^4.5.1", + "copy-webpack-plugin": "^5.1.2", "cors": "^2.8.4", - "css-loader": "^1.0.0", + "css-loader": "^2.0.0", "dotenv": "^5.0.1", "eslint": "^5.16.0", "eslint-config-prettier": "^2.9.0", @@ -130,35 +133,36 @@ "esm": "^3.2.5", "fast-plural-rules": "0.0.3", "file-loader": "^1.1.10", - "html-loader": "^0.5.5", - "html-webpack-plugin": "^3.1.0", - "htmlhint": "^0.11.0", + "html-loader": "^1.0.0", + "html-webpack-plugin": "^4.0.0", + "htmlhint": "^0.16.2", "jsdom": "^15.1.1", "localstorage-memory": "^1.0.3", "mini-css-extract-plugin": "^0.8.0", "ncp": "^2.0.0", - "node-fetch": "^2.6.0", - "node-sass": "^4.13.0", + "node-fetch": "^2.6.7", + "node-sass": "^7.0.1", "ora": "^4.0.2", "phoenix-channels": "^1.0.0", "prettier": "^1.7.0", "raw-loader": "^0.5.1", "rimraf": "^2.6.2", "sass-loader": "^6.0.7", - "selfsigned": "^1.10.2", - "shelljs": "^0.8.1", + "selfsigned": "^1.10.13", + "shelljs": "^0.8.5", "spritesheet-js": "github:mozillareality/spritesheet.js#hubs/master", "style-loader": "^0.20.2", - "stylelint": "^9.10.1", + "stylelint": "^14.0.0", "stylelint-config-recommended-scss": "^3.2.0", "stylelint-scss": "^3.5.3", "svg-inline-loader": "^0.8.0", - "tar": "^5.0.5", + "tar": "^5.0.10", "url-loader": "^1.0.1", "webpack": "^4.32.2", - "webpack-bundle-analyzer": "^3.3.2", - "webpack-cli": "^3.2.3", - "webpack-dev-server": "^3.1.14", + "webpack-bundle-analyzer": "^4.0.0", + "webpack-cli": "^3.3.5", + "webpack-dev-server": "^4.0.0", "worker-loader": "^2.0.0" - } + }, + "snyk": true }