From 33e64a6d27380c003bddf530190e8822f5d9b345 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 Dec 2023 00:46:56 +0000 Subject: [PATCH] fix: deps/npm/node_modules/minipass-sized/package.json & deps/npm/node_modules/minipass-sized/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- deps/npm/node_modules/minipass-sized/.snyk | 10 ++++++++++ deps/npm/node_modules/minipass-sized/package.json | 10 +++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 deps/npm/node_modules/minipass-sized/.snyk diff --git a/deps/npm/node_modules/minipass-sized/.snyk b/deps/npm/node_modules/minipass-sized/.snyk new file mode 100644 index 00000000000000..0f45463d461626 --- /dev/null +++ b/deps/npm/node_modules/minipass-sized/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - tap > import-jsx > babel-core > lodash: + patched: '2023-12-01T00:46:53.802Z' + id: SNYK-JS-LODASH-567746 + path: tap > import-jsx > babel-core > lodash diff --git a/deps/npm/node_modules/minipass-sized/package.json b/deps/npm/node_modules/minipass-sized/package.json index a3257fd8f673ae..651281fc506475 100644 --- a/deps/npm/node_modules/minipass-sized/package.json +++ b/deps/npm/node_modules/minipass-sized/package.json @@ -9,7 +9,9 @@ "snap": "tap", "preversion": "npm test", "postversion": "npm publish", - "postpublish": "git push origin --follow-tags" + "postpublish": "git push origin --follow-tags", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "tap": { "check-coverage": true @@ -18,7 +20,8 @@ "tap": "^14.6.4" }, "dependencies": { - "minipass": "^3.0.0" + "minipass": "^3.0.0", + "@snyk/protect": "latest" }, "main": "index.js", "keywords": [ @@ -35,5 +38,6 @@ }, "engines": { "node": ">=8" - } + }, + "snyk": true }