From d0184dc7160ec8bec9c854443de114385e9aed3f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 00:37:07 +0300 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3bc7abf5..6ce7348e 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "rand-token": "0.4.0", "sendgrid": "5.2.3", "should": "^13.2.3", - "snyk": "^1.279.1", + "snyk": "^1.316.1", "supertest": "^4.0.2", "swagger-express-mw": "^0.7.0", "swagger-tools": "^0.10.4", From e1bdf6856bf0e5f4ed95db57458367c6f0579a1b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 00:37:08 +0300 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/.snyk b/.snyk index 6e5b49db..cd2ab1cf 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.14.0 +version: v1.14.1 ignore: {} # patches apply the minimum changes required to fix a vulnerability patch: @@ -32,3 +32,52 @@ patch: patched: '2020-01-22T20:53:10.872Z' - snyk > @snyk/snyk-cocoapods-plugin > @snyk/cocoapods-lockfile-parser > @snyk/dep-graph > graphlib > lodash: patched: '2020-01-22T20:53:10.872Z' + SNYK-JS-LODASH-567746: + - swagger-tools > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > inquirer > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-config > lodash: + patched: '2020-04-30T21:36:52.619Z' + - swagger-tools > async > lodash: + patched: '2020-04-30T21:36:52.619Z' + - swagger-tools > json-refs > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > @snyk/dep-graph > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-go-plugin > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-nodejs-lockfile-parser > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - swagger-tools > json-refs > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-nuget-plugin > dotnet-deps-parser > lodash: + patched: '2020-04-30T21:36:52.619Z' + - swagger-express-mw > swagger-node-runner > sway > lodash: + patched: '2020-04-30T21:36:52.619Z' + - translate-api > request-promise > request-promise-core > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/dep-graph > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/cocoapods-lockfile-parser > @snyk/dep-graph > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - swagger-express-mw > swagger-node-runner > sway > json-refs > graphlib > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > lodash: + patched: '2020-04-30T21:36:52.619Z' + - mongoose > async > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > @snyk/dep-graph > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-mvn-plugin > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-nodejs-lockfile-parser > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-nuget-plugin > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/dep-graph > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > snyk-php-plugin > @snyk/composer-lockfile-parser > lodash: + patched: '2020-04-30T21:36:52.619Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/cocoapods-lockfile-parser > @snyk/ruby-semver > lodash: + patched: '2020-04-30T21:36:52.619Z'