From 54ced09defda4a53b0d77d2bb7566d78df951158 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 17 May 2022 21:12:40 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 8 ++++++++ package-lock.json | 9 +++++++-- package.json | 10 +++++++--- 3 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 .snyk mode change 100755 => 100644 package.json diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..296b111 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - async > lodash: + patched: '2022-05-17T21:12:37.417Z' diff --git a/package-lock.json b/package-lock.json index 1c2f76a..4e8bfea 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,9 +1,14 @@ { - "name": "Drupal-Mysql-Export", - "version": "0.0.1", + "name": "DrupalMysqlExport", + "version": "1.0.0", "lockfileVersion": 1, "requires": true, "dependencies": { + "@snyk/protect": { + "version": "1.931.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.931.0.tgz", + "integrity": "sha512-FNgtMWsAbQGpmAw8UX+HOfLcGupXEGDDKWYMQRlgZYy+DIPHb4WUYw6unt1bJCupMC/FS2rXVqqRgCMhoVgcfA==" + }, "@types/geojson": { "version": "7946.0.7", "resolved": "https://registry.npmjs.org/@types/geojson/-/geojson-7946.0.7.tgz", diff --git a/package.json b/package.json old mode 100755 new mode 100644 index c175f6c..59a62de --- a/package.json +++ b/package.json @@ -15,9 +15,13 @@ "request": "^2.88.0", "url": "^0.11.0", "when": "^3.7.7", - "winston": "^2.2.0" + "winston": "^2.2.0", + "@snyk/protect": "latest" }, "scripts": { - "export": "node app.js" - } + "export": "node app.js", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true }