diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..f7c4d18 --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - elasticsearch > lodash: + patched: '2022-03-26T02:37:30.933Z' + - tc-core-library-js > lodash: + patched: '2022-03-26T02:37:30.933Z' + - winston > async > lodash: + patched: '2022-03-26T02:37:30.933Z' diff --git a/package-lock.json b/package-lock.json index 4b72cb1..10463e7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -55,6 +55,11 @@ } } }, + "@snyk/protect": { + "version": "1.883.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz", + "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==" + }, "@types/body-parser": { "version": "1.19.0", "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.0.tgz", @@ -2231,9 +2236,9 @@ } }, "lodash": { - "version": "4.17.19", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", - "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", + "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==" }, "lodash.clonedeep": { "version": "4.5.0", diff --git a/package.json b/package.json index 113ce55..9d735aa 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "hashmap": "^2.4.0", "http-aws-es": "^6.0.0", "informix-wrapper": "git+https://github.com/appirio-tech/informix-wrapper.git#less-logs", - "lodash": "^4.17.19", + "lodash": "^4.17.20", "moment": "^2.26.0", "moment-timezone": "^0.5.28", "node-schedule": "^1.3.2", @@ -28,7 +28,8 @@ "underscore": "^1.10.2", "uuid": "^3.3.2", "winston": "^3.2.1", - "yamljs": "^0.3.0" + "yamljs": "^0.3.0", + "@snyk/protect": "latest" }, "devDependencies": { "standard": "^14.1.0" @@ -38,8 +39,11 @@ "lint": "standard", "lint:fix": "standard --fix", "init-es": "node src/scripts/init-es.js", - "migrate": "node src/scripts/migration.js -- $MIGRATION" + "migrate": "node src/scripts/migration.js -- $MIGRATION", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "author": "TCSCODER", - "license": "" + "license": "", + "snyk": true }