diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..fadd71a --- /dev/null +++ b/.snyk @@ -0,0 +1,42 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - react-scripts > @babel/core > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > eslint > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > eslint-plugin-flowtype > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > @svgr/webpack > @babel/core > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > eslint > inquirer > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > react-dev-utils > inquirer > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > webpack-dev-server > portfinder > async > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > @svgr/webpack > @babel/preset-env > @babel/plugin-transform-sticky-regex > @babel/helper-regex > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > html-webpack-plugin > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > webpack-manifest-plugin > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > babel-eslint > @babel/traverse > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > eslint > table > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > webpack-dev-server > http-proxy-middleware > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > babel-eslint > @babel/traverse > @babel/generator > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > babel-jest > @jest/transform > @babel/core > lodash: + patched: '2021-10-22T20:42:29.058Z' + - react-scripts > jest-environment-jsdom-fourteen > jsdom > request-promise-native > request-promise-core > lodash: + patched: '2021-10-22T20:42:29.058Z' diff --git a/package.json b/package.json index 43658bc..9f26764 100644 --- a/package.json +++ b/package.json @@ -27,13 +27,16 @@ "redux-devtools-extension": "^2.13.8", "redux-persist": "^5.10.0", "typescript": "^3.4.5", - "uuid": "^3.3.2" + "uuid": "^3.3.2", + "@snyk/protect": "latest" }, "scripts": { "start": "react-scripts start", "build": "react-scripts build", "test": "react-scripts test", - "eject": "react-scripts eject" + "eject": "react-scripts eject", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "eslintConfig": { "extends": "react-app" @@ -43,5 +46,6 @@ "not dead", "not ie <= 11", "not op_mini all" - ] + ], + "snyk": true } diff --git a/yarn.lock b/yarn.lock index e93d21f..84dfc9c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1374,6 +1374,11 @@ resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz#2b5a3ab3f918cca48a8c754c08168e3f03eba61b" integrity sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw== +"@snyk/protect@^1.744.0": + version "1.744.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.744.0.tgz#c021396d0c7360fb2452e7f90c9f28c73a6795e2" + integrity sha512-oCxsOyMXcUFYJTjPHp+LzfcalMiSEYtZYOj1/E/uhKwyLfCm+abZxbK7Vn6E3ITAhN5xxLQZzU8lIrSCK9IDcQ== + "@svgr/babel-plugin-add-jsx-attribute@^4.2.0": version "4.2.0" resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-4.2.0.tgz#dadcb6218503532d6884b210e7f3c502caaa44b1"