From c4dca56bf61c22dece81226a1907d5e0cebc09b8 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 06:28:30 +0200 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index e0af0ec..e242ffd 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,9 @@ "lint": "npx solium -d contracts/", "compile": "npx truffle compile", "test": "./test/test.sh", - "test:coverage": "SOLIDITY_COVERAGE=true ./test/test.sh" + "test:coverage": "SOLIDITY_COVERAGE=true ./test/test.sh", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "author": "Dr Maxim Orlovsky ", "contributors": [ @@ -38,6 +40,8 @@ "license": "MIT", "dependencies": { "babel-register": "6.26.0", - "web3": "1.0.0-beta.37" - } + "web3": "1.0.0-beta.37", + "snyk": "^1.316.1" + }, + "snyk": true } From 9114fa4237c603515db97ff137251acd33c12580 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 06:28:31 +0200 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..83ac9fa --- /dev/null +++ b/.snyk @@ -0,0 +1,38 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - babel-register > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-generator > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-traverse > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-template > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-register > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-generator > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-traverse > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-template > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-template > babel-traverse > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-helpers > babel-template > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-template > babel-traverse > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-helpers > babel-template > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-helpers > babel-template > babel-traverse > lodash: + patched: '2020-05-01T04:27:37.773Z' + - babel-register > babel-core > babel-helpers > babel-template > babel-traverse > babel-types > lodash: + patched: '2020-05-01T04:27:37.773Z'