From 219a6bccbd7725b1bf1d4c5ad304bce4d5ea10c1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 5 May 2020 01:06:02 +0300 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index dc4a1ad..a296d4d 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,9 @@ "node": ">=0.10.0" }, "scripts": { - "test": "mocha" + "test": "mocha", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "files": [ "app" @@ -26,12 +28,14 @@ "dependencies": { "chalk": "^0.5.0", "yeoman-generator": "^0.18.9", - "yosay": "^1.0.2" + "yosay": "^1.0.2", + "snyk": "^1.317.0" }, "devDependencies": { "mocha": "*" }, "peerDependencies": { "yo": ">=1.0.0" - } + }, + "snyk": true } From 6e6bc290174c70d5cf5b68d2ba06693f34a5d2f8 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 5 May 2020 01:06:03 +0300 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..d717f0e --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - yeoman-generator > yeoman-environment > lodash: + patched: '2020-05-04T22:05:59.249Z' + - yeoman-generator > yeoman-environment > grouped-queue > lodash: + patched: '2020-05-04T22:05:59.249Z' + - yeoman-generator > yeoman-environment > inquirer > lodash: + patched: '2020-05-04T22:05:59.249Z'