From 6bee0a8c776d151ae4c99a0e649ea6fc7d93d197 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 30 Apr 2020 23:13:55 +0100
Subject: [PATCH 1/2] fix: .snyk & package.json to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..5e50e4f
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,50 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - ember-cli-babel > @babel/core > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > @babel/core > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > @babel/plugin-transform-classes > @babel/helper-define-map > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > @babel/core > @babel/traverse > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > workerpool > @babel/core > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-htmlbars > broccoli-persistent-filter > async-promise-queue > async > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > @babel/plugin-transform-unicode-regex > @babel/helper-create-regexp-features-plugin > @babel/helper-regex > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > @babel/core > @babel/helpers > @babel/traverse > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > workerpool > @babel/core > @babel/traverse > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > broccoli-persistent-filter > async-promise-queue > async > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > 
broccoli-babel-transpiler > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > workerpool > @babel/core > @babel/helpers > @babel/traverse > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > workerpool > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > workerpool > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > broccoli-babel-transpiler > workerpool > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2020-04-30T22:13:54.268Z' + - ember-cli-babel > @babel/preset-env > 
@babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2020-04-30T22:13:54.268Z'
From 3b024ea9b2cef33191842728bba411355742283c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 30 Apr 2020 23:13:56 +0100
Subject: [PATCH 2/2] fix: .snyk & package.json to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 package.json | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index eb0d8c3..d5dc082 100644
--- a/package.json
+++ b/package.json
@@ -13,14 +13,17 @@
 "lint:js": "eslint .",
 "start": "ember serve",
 "test": "ember test",
- "test:all": "ember try:each"
+ "test:all": "ember try:each",
+ "snyk-protect": "snyk protect",
+ "prepare": "yarn run snyk-protect"
 },
 "dependencies": {
 "broccoli-funnel": "^3.0.2",
 "broccoli-merge-trees": "^4.0.1",
 "ember-cli-babel": "^7.7.3",
 "ember-cli-htmlbars": "^4.2.3",
- "nouislider": "^14.1.1"
+ "nouislider": "^14.1.1",
+ "snyk": "^1.316.1"
 },
 "devDependencies": {
 "@ember/optional-features": "^0.7.0",
@@ -64,5 +67,6 @@
 "ember-addon": {
 "configPath": "tests/dummy/config",
 "demoURL": "http://kennethkalmer.github.com/ember-cli-nouislider"
- }
+ },
+ "snyk": true
 }
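Review bot: `"snyk": "^1.316.1"` lands in `dependencies`, and since the `ember-addon` block in the second hunk marks this package as something other projects install, every consumer would pull the Snyk CLI into its own tree even though only the `prepare` script uses it; I would move that line to `devDependencies`. The `prepare` hook also hard-codes yarn, so an npm-based install from a git URL or a local checkout fails where yarn is absent; `"prepare": "snyk protect"` would do the same without naming a package manager. Note that `prepare` does not run for installs from the registry, so the lodash patch recorded in `.snyk` presumably only changes this repository's own `node_modules`, and consumers resolve lodash on their own until the dependency ranges or lockfile move it to a release that fixes SNYK-JS-LODASH-567746. Because the hook executes whatever `snyk` version the caret range resolves to on each install, it is worth confirming that the lockfile pins it.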