From b4ac2f30bffbe2ae4fe92c62b5012caa3fd7b27a Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 6 Oct 2022 22:26:49 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796 - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 - https://snyk.io/vuln/SNYK-JS-BUNYAN-573166 - https://snyk.io/vuln/SNYK-JS-DOTPROP-543489 - https://snyk.io/vuln/SNYK-JS-EVENTSOURCE-2823375 - https://snyk.io/vuln/SNYK-JS-GETOBJECT-1054932 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-GOT-2932019 - https://snyk.io/vuln/SNYK-JS-GRUNT-2635969 - https://snyk.io/vuln/SNYK-JS-GRUNT-2813632 - https://snyk.io/vuln/SNYK-JS-GRUNT-597546 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-JSZIP-1251497 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341 - https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794 - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 - https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187 - https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506 - https://snyk.io/vuln/SNYK-JS-SOCKJS-575261 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - 
https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-72405 - https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:mem:20180117 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620
---
 .snyk | 18 ++++++++++++++++++
 package.json | 44 ++++++++++++++++++++++++--------------------
 2 files changed, 42 insertions(+), 20 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000..f73b40b6c7
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,18 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - conventional-changelog-lint > lodash:
+ patched: '2022-10-06T22:26:44.235Z'
+ 'npm:lodash:20180130':
+ - load-grunt-configs > lodash:
+ patched: '2022-10-06T22:26:44.235Z'
+ - load-grunt-configs > inquirer > lodash:
+ patched: '2022-10-06T22:26:44.235Z'
+ - nsp > cli-table2 > lodash:
+ patched: '2022-10-06T22:26:44.235Z'
+ 'npm:minimatch:20160620':
+ - babel-istanbul-loader > babel-istanbul > fileset > minimatch:
+ patched: '2022-10-06T22:26:44.235Z'
diff --git a/package.json b/package.json
index a7e4d92f2f..be9d95b704 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,9 @@
 "changelog-lint": "conventional-changelog-lint --from master",
 "changelog-lint-from-stdin": "conventional-changelog-lint",
 "travis-pr-title-lint": "grunt travis-pr-title-lint",
- "gen-contributing-toc": "doctoc CONTRIBUTING.md"
+ "gen-contributing-toc": "doctoc CONTRIBUTING.md",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "homepage": "https://github.com/mozilla/web-ext",
 "repository": {
@@ -51,36 +53,37 @@
 "@cliqz-oss/firefox-client": "0.3.1",
 "@cliqz-oss/node-firefox-connect": "1.2.1",
 "adbkit": "2.11.0",
- "addons-linter": "1.3.1",
+ "addons-linter": "4.9.0",
 "babel-polyfill": "6.26.0",
 "babel-runtime": "6.26.0",
- "bunyan": "1.8.12",
+ "bunyan": "1.8.13",
 "camelcase": "4.1.0",
 "debounce": "1.1.0",
 "decamelize": "2.0.0",
 "es6-error": "4.1.1",
 "es6-promisify": "5.0.0",
 "event-to-promise": "0.8.0",
- "firefox-profile": "1.2.0",
- "fx-runner": "1.0.9",
- "git-rev-sync": "1.9.1",
- "mkdirp": "0.5.1",
+ "firefox-profile": "4.1.0",
+ "fx-runner": "1.2.0",
+ "git-rev-sync": "3.0.2",
+ "mkdirp": "0.5.2",
 "multimatch": "2.1.0",
 "mz": "2.7.0",
- "node-notifier": "5.2.1",
+ "node-notifier": "5.4.5",
 "opn": "5.3.0",
 "parse-json": "4.0.0",
 "regenerator-runtime": "0.11.1",
 "require-uncached": "1.0.3",
- "sign-addon": "0.3.1",
+ "sign-addon": "1.0.0",
 "source-map-support": "0.5.3",
 "stream-to-promise": "2.2.0",
 "strip-json-comments": "2.0.1",
 "tmp": "0.0.33",
- "update-notifier": "2.3.0",
- "watchpack": "1.5.0",
- "yargs": "6.6.0",
- "zip-dir": "1.0.2"
+ "update-notifier": "6.0.0",
+ "watchpack": "1.7.1",
+ "yargs": "13.2.4",
+ "zip-dir": "2.0.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "babel-core": "6.26.0",
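Review bot: The new `prepublish` script in the `scripts` hunk (`@@ -25,7 +25,9 @@`) uses a lifecycle hook that npm has deprecated: current npm runs it on a local `npm install` / `npm ci` and not on `npm publish`, so the name no longer says when the Snyk patches are applied. `"prepare": "npm run snyk-protect"` is the hook npm documents for this purpose. Either way the hook rewrites files under `node_modules` on every developer and CI install, and it does not run for users who install web-ext as a dependency, so the patches listed in `.snyk` protect only this repository's own checkout; that limit deserves a line in the PR description.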
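Review bot: `"@snyk/protect": "latest"` at the end of the `dependencies` hunk (`@@ -51,36 +53,37 @@`) is the only floating version among entries that are all pinned exactly, and it is the package the new install hook executes, so whatever is next published under that tag runs on developer and CI machines without review. Pin it like its neighbours, `"@snyk/protect": "<exact-version>"` (placeholder; take the value from the registry or lockfile), and move it to `devDependencies`, since the patched paths visible in this diff (`conventional-changelog-lint`, `load-grunt-configs`, `nsp`) are dev-only and every consumer of web-ext would otherwise install it. The same hunk moves several runtime packages across major versions (`addons-linter` 1.3.1→4.9.0, `yargs` 6.6.0→13.2.4, `update-notifier` 2.3.0→6.0.0, `firefox-profile`, `sign-addon`, `zip-dir`). Their call sites are outside this diff, so each needs a changelog read and a passing test run before this automated PR is merged.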
@@ -96,18 +99,18 @@
 "babel-preset-stage-2": "6.24.1",
 "chai": "4.1.2",
 "chai-as-promised": "7.1.1",
- "conventional-changelog-cli": "2.0.1",
+ "conventional-changelog-cli": "2.0.33",
 "conventional-changelog-lint": "2.1.1",
 "copy-dir": "0.3.0",
 "coveralls": "3.0.2",
 "deepcopy": "0.6.3",
- "doctoc": "1.3.1",
+ "doctoc": "2.0.1",
 "eslint": "5.0.1",
 "eslint-plugin-async-await": "0.0.0",
 "eslint-plugin-flowtype": "2.49.3",
 "eslint-plugin-import": "2.13.0",
 "flow-bin": "0.75.0",
- "grunt": "1.0.3",
+ "grunt": "1.5.3",
 "grunt-contrib-clean": "1.1.0",
 "grunt-contrib-copy": "1.0.0",
 "grunt-contrib-watch": "1.1.0",
@@ -119,20 +122,21 @@
 "grunt-webpack": "3.1.2",
 "load-grunt-configs": "1.0.0",
 "load-grunt-tasks": "4.0.0",
- "mocha": "5.2.0",
+ "mocha": "6.2.3",
 "mocha-multi": "1.0.1",
 "nsp": "3.2.1",
 "object.entries": "1.0.4",
 "object.values": "1.0.4",
 "prettyjson": "1.2.1",
 "sinon": "6.1.2",
- "webpack": "3.11.0",
- "webpack-dev-server": "2.11.1",
+ "webpack": "4.26.0",
+ "webpack-dev-server": "4.7.3",
 "yauzl": "2.9.1"
 },
 "author": "Kumar McMillan",
 "license": "MPL-2.0",
 "yargs": {
 "boolean-negation": false
- }
+ },
+ "snyk": true
 }
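Review bot: The `webpack` and `webpack-dev-server` versions chosen in the last hunk (`@@ -119,20 +122,21 @@`) look mutually incompatible: `webpack` goes to 4.26.0 and `webpack-dev-server` to 4.7.3 while `grunt-webpack` stays at 3.1.2. As far as I know webpack-dev-server 4.x declares a webpack peer range that starts above 4.26 (`^4.37.0 || ^5.0.0`), so this pair would install with a peer warning or fail at build time; confirm the peer ranges and raise `webpack` to a release inside that range. The webpack config and loaders are not part of this diff, and a 3→4 move normally needs config changes, so a green build and test run are the evidence to ask for before merging.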