diff --git a/deps/npm/.snyk b/deps/npm/.snyk new file mode 100644 index 00000000000000..ac2cbc70a21e4e --- /dev/null +++ b/deps/npm/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - cli-table2 > lodash: + patched: '2022-01-17T13:35:11.264Z' diff --git a/deps/npm/package.json b/deps/npm/package.json index fb2b04c1b5c60f..d4b8dc7236567e 100644 --- a/deps/npm/package.json +++ b/deps/npm/package.json @@ -35,16 +35,16 @@ "dependencies": { "JSONStream": "~1.3.1", "abbrev": "~1.1.1", - "ansi-regex": "~3.0.0", + "ansi-regex": "~5.0.1", "ansicolors": "~0.3.2", "ansistyles": "~0.1.3", "aproba": "~1.2.0", "archy": "~1.0.0", "bin-links": "^1.1.0", "bluebird": "~3.5.1", - "cacache": "~10.0.1", + "cacache": "~11.0.1", "call-limit": "~1.1.0", - "chownr": "~1.0.1", + "chownr": "~1.1.0", "cli-table2": "~0.2.0", "cmd-shim": "~2.0.2", "columnify": "~1.5.4", @@ -59,7 +59,7 @@ "glob": "~7.1.2", "graceful-fs": "~4.1.11", "has-unicode": "~2.0.1", - "hosted-git-info": "~2.5.0", + "hosted-git-info": "~2.8.9", "iferr": "~0.1.5", "inflight": "~1.0.6", "inherits": "~2.0.3", @@ -67,7 +67,7 @@ "init-package-json": "~1.10.1", "is-cidr": "~1.0.0", "lazy-property": "~1.0.0", - "libnpx": "~9.7.1", + "libnpx": "~10.2.4", "lockfile": "~1.0.3", "lodash._baseuniq": "~4.6.0", "lodash.clonedeep": "~4.5.0", @@ -83,17 +83,17 @@ "normalize-package-data": "~2.4.0", "npm-cache-filename": "~1.0.2", "npm-install-checks": "~3.0.0", - "npm-lifecycle": "~2.0.0", + "npm-lifecycle": "~2.1.1", "npm-package-arg": "~6.0.0", "npm-packlist": "~1.1.10", - "npm-profile": "~2.0.5", + "npm-profile": "~3.0.2", "npm-registry-client": "~8.5.0", "npm-user-validate": "~1.0.0", "npmlog": "~4.1.2", "once": "~1.4.0", "opener": "~1.4.3", "osenv": "~0.1.4", - "pacote": "^7.0.2", + "pacote": "^8.0.0", "path-is-inside": "~1.0.2", "promise-inflight": "~1.0.1", "qrcode-terminal": "~0.11.0", @@ -105,7 +105,7 @@ "read-package-json": "~2.0.12", "read-package-tree": "~5.1.6", "readable-stream": "~2.3.3", - "request": "~2.83.0", + "request": "~2.88.0", "retry": "~0.10.1", "rimraf": "~2.6.2", "safe-buffer": "~5.1.1", @@ -115,20 +115,21 @@ "sorted-object": "~2.0.1", "sorted-union-stream": "~2.1.3", "ssri": "~5.0.0", - "strip-ansi": "~4.0.0", + "strip-ansi": "~6.0.0", "tar": "^4.0.2", "text-table": "~0.2.0", "uid-number": "0.0.6", "umask": "~1.1.0", "unique-filename": "~1.1.0", "unpipe": "~1.0.0", - "update-notifier": "~2.3.0", + "update-notifier": "~4.0.0", "uuid": "~3.1.0", "validate-npm-package-name": "~3.0.0", "which": "~1.3.0", "worker-farm": "~1.5.1", "wrappy": "~1.0.2", - "write-file-atomic": "~2.1.0" + "write-file-atomic": "~2.1.0", + "@snyk/protect": "latest" }, "bundleDependencies": [ "abbrev", @@ -252,14 +253,16 @@ }, "scripts": { "dumpconf": "env | grep npm | sort | uniq", - "prepare": "node bin/npm-cli.js --no-timing prune --prefix=. --no-global && rimraf test/*/*/node_modules && make -j4 doc", + "prepare": "npm run snyk-protect && node bin/npm-cli.js --no-timing prune --prefix=. --no-global && rimraf test/*/*/node_modules && make -j4 doc", "preversion": "bash scripts/update-authors.sh && git add AUTHORS && git commit -m \"update AUTHORS\" || true", "tap": "tap --timeout 300", "tap-cover": "tap --nyc-arg='--cache' --coverage --timeout 600", "test": "standard && npm run test-tap", "test-coverage": "npm run tap-cover -- \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-*/*.js\"", "test-tap": "npm run tap -- \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-*/*.js\"", - "test-node": "tap --timeout 240 \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-nyc*/*.js\"" + "test-node": "tap --timeout 240 \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-nyc*/*.js\"", + "snyk-protect": "snyk-protect" }, - "license": "Artistic-2.0" + "license": "Artistic-2.0", + "snyk": true }