fix: src/m365/spfx/commands/project/test-projects/spfx-101-webpart-ko…

…/package.json & src/m365/spfx/commands/project/test-projects/spfx-101-webpart-ko/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173732 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173733 - https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620
Centaurioun · Apr 9, 2023 · bc349b1 · bc349b1
1 parent 19e0c32
commit bc349b1
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 6 deletions.
diff --git a/src/m365/spfx/commands/project/test-projects/spfx-101-webpart-ko/.snyk b/src/m365/spfx/commands/project/test-projects/spfx-101-webpart-ko/.snyk
@@ -0,0 +1,18 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:minimatch:20160620':
+    - gulp > vinyl-fs > glob-stream > minimatch:
+        patched: '2023-03-28T23:10:07.110Z'
+    - '@microsoft/sp-build-web > gulp > vinyl-fs > glob-stream > minimatch':
+        patched: '2023-03-28T23:10:07.110Z'
+    - '@microsoft/sp-webpart-workbench > @microsoft/sp-build-core-tasks > gulp > vinyl-fs > glob-stream > minimatch':
+        patched: '2023-03-28T23:10:07.110Z'
+    - '@microsoft/sp-webpart-workbench > @microsoft/sp-build-core-tasks > @microsoft/gulp-core-build-webpack > gulp > vinyl-fs > glob-stream > minimatch':
+        patched: '2023-03-28T23:10:07.110Z'
+    - '@microsoft/sp-webpart-workbench > @microsoft/sp-build-core-tasks > @microsoft/sp-tslint-rules > @microsoft/gulp-core-build-typescript > gulp > vinyl-fs > glob-stream > minimatch':
+        patched: '2023-03-28T23:10:07.110Z'
+    - '@microsoft/sp-webpart-workbench > @microsoft/sp-build-core-tasks > @microsoft/sp-tslint-rules > @microsoft/gulp-core-build-typescript > @microsoft/gulp-core-build > gulp > vinyl-fs > glob-stream > minimatch':
+        patched: '2023-03-28T23:10:07.110Z'
diff --git a/src/m365/spfx/commands/project/test-projects/spfx-101-webpart-ko/package.json b/src/m365/spfx/commands/project/test-projects/spfx-101-webpart-ko/package.json
@@ -9,19 +9,23 @@
     "@microsoft/sp-client-base": "~1.0.0",
     "@microsoft/sp-core-library": "~1.0.0",
     "@microsoft/sp-webpart-base": "~1.0.0",
-    "@types/webpack-env": ">=1.12.1 <1.14.0"
+    "@types/webpack-env": ">=1.12.1 <1.14.0",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
-    "@microsoft/sp-build-web": "~1.0.1",
+    "@microsoft/sp-build-web": "~1.12.0",
     "@microsoft/sp-module-interfaces": "~1.0.0",
-    "@microsoft/sp-webpart-workbench": "~1.0.0",
-    "gulp": "~3.9.1",
+    "@microsoft/sp-webpart-workbench": "~1.12.0",
+    "gulp": "~4.0.0",
     "@types/chai": ">=3.4.34 <3.6.0",
     "@types/mocha": ">=2.2.33 <2.6.0"
   },
   "scripts": {
     "build": "gulp bundle",
     "clean": "gulp clean",
-    "test": "gulp test"
-  }
+    "test": "gulp test",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }