From 2eb53f25cab9f5901c7ac970c79d5c628bea2e9e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 24 Dec 2021 15:05:01 +0000 Subject: [PATCH] fix: docs/package.json & docs/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - http://localhost:8000/vuln/SNYK-JS-ANSIREGEX-1583908 - http://localhost:8000/vuln/SNYK-JS-BROWSERSLIST-1090194 - http://localhost:8000/vuln/SNYK-JS-EJS-1049328 - http://localhost:8000/vuln/SNYK-JS-HTTPPROXY-569139 - http://localhost:8000/vuln/SNYK-JS-LODASH-1018905 - http://localhost:8000/vuln/SNYK-JS-LODASH-1040724 - http://localhost:8000/vuln/SNYK-JS-LODASH-567746 - http://localhost:8000/vuln/SNYK-JS-LODASH-590103 - http://localhost:8000/vuln/SNYK-JS-LODASH-608086 - http://localhost:8000/vuln/SNYK-JS-MARKDOWNTOJSX-570059 - http://localhost:8000/vuln/SNYK-JS-MARKED-584281 - http://localhost:8000/vuln/SNYK-JS-MINIMIST-559764 - http://localhost:8000/vuln/SNYK-JS-NEXT-1540422 - http://localhost:8000/vuln/SNYK-JS-NEXT-561584 - http://localhost:8000/vuln/SNYK-JS-NODEFETCH-674311 - http://localhost:8000/vuln/SNYK-JS-OBJECTPATH-1017036 - http://localhost:8000/vuln/SNYK-JS-OBJECTPATH-1569453 - http://localhost:8000/vuln/SNYK-JS-OBJECTPATH-1585658 - http://localhost:8000/vuln/SNYK-JS-PATHPARSE-1077067 - http://localhost:8000/vuln/SNYK-JS-POSTCSS-1090595 - http://localhost:8000/vuln/SNYK-JS-POSTCSS-1255640 - http://localhost:8000/vuln/SNYK-JS-PRISMJS-1076581 - http://localhost:8000/vuln/SNYK-JS-PRISMJS-1314893 - http://localhost:8000/vuln/SNYK-JS-PRISMJS-1585202 - http://localhost:8000/vuln/SNYK-JS-PRISMJS-597628 The following vulnerabilities are fixed with a Snyk patch: - http://localhost:8000/vuln/SNYK-JS-LODASH-567746 --- docs/.snyk | 70 +++++++++++++++++++++++++++++++++++++++++++++++ docs/package.json | 24 +++++++++------- 2 files changed, 84 insertions(+), 10 deletions(-) create mode 100644 docs/.snyk diff --git a/docs/.snyk b/docs/.snyk new file mode 100644 index 00000000000000..bbb6b4c39804bf --- /dev/null +++ b/docs/.snyk @@ -0,0 +1,70 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/core > lodash': + patched: '2021-12-24T15:04:59.697Z' + - babel-plugin-optimize-clsx > lodash: + patched: '2021-12-24T15:04:59.697Z' + - recharts > lodash: + patched: '2021-12-24T15:04:59.697Z' + - webpack-bundle-analyzer > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@babel/core > @babel/helper-module-transforms > lodash': + patched: '2021-12-24T15:04:59.697Z' + - babel-plugin-optimize-clsx > @babel/generator > lodash: + patched: '2021-12-24T15:04:59.697Z' + - styled-components > @babel/traverse > lodash: + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > lodash: + patched: '2021-12-24T15:04:59.697Z' + - next > autodll-webpack-plugin > lodash: + patched: '2021-12-24T15:04:59.697Z' + - next > babel-plugin-transform-define > lodash: + patched: '2021-12-24T15:04:59.697Z' + - recharts > react-smooth > lodash: + patched: '2021-12-24T15:04:59.697Z' + - styled-components > babel-plugin-styled-components > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@babel/core > @babel/helpers > @babel/traverse > lodash': + patched: '2021-12-24T15:04:59.697Z' + - babel-plugin-optimize-clsx > @babel/template > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' + - styled-components > @babel/traverse > @babel/generator > lodash: + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > @babel/helper-module-transforms > lodash: + patched: '2021-12-24T15:04:59.697Z' + - next > styled-jsx > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' + - next > autodll-webpack-plugin > webpack-merge > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > lodash': + patched: '2021-12-24T15:04:59.697Z' + - styled-components > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > @babel/helpers > @babel/traverse > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2021-12-24T15:04:59.697Z' + - styled-components > babel-plugin-styled-components > @babel/helper-annotate-as-pure > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/generator > lodash': + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@emotion/core > @emotion/css > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2021-12-24T15:04:59.697Z' + - styled-components > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash': + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/generator > lodash: + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash': + patched: '2021-12-24T15:04:59.697Z' + - react-docgen > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash: + patched: '2021-12-24T15:04:59.697Z' diff --git a/docs/package.json b/docs/package.json index 604aeb5aeb49e6..32df412d4b2f7a 100644 --- a/docs/package.json +++ b/docs/package.json @@ -15,7 +15,9 @@ "start": "next start", "typescript": "tsc -p tsconfig.json", "typescript:transpile": "node scripts/formattedTSDemos", - "typescript:transpile:dev": "node scripts/formattedTSDemos --watch" + "typescript:transpile:dev": "node scripts/formattedTSDemos --watch", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "dependencies": { "@babel/core": "^7.9.6", @@ -61,7 +63,7 @@ "clsx": "^1.0.4", "core-js": "^2.6.11", "cross-env": "^7.0.0", - "cross-fetch": "^3.0.4", + "cross-fetch": "^3.0.6", "css-loader": "^3.1.0", "css-mediaquery": "^0.1.2", "date-fns": "2.13.0", @@ -76,17 +78,17 @@ "jss": "^10.0.3", "jss-plugin-template": "^10.0.3", "jss-rtl": "^0.3.0", - "lodash": "^4.17.15", + "lodash": "^4.17.21", "lz-string": "^1.4.4", - "markdown-to-jsx": "^6.10.2", - "marked": "^1.0.0", + "markdown-to-jsx": "^6.11.4", + "marked": "^1.1.1", "material-table": "^1.50.0", "material-ui-popup-state": "^1.4.1", - "next": "^9.3.0", + "next": "^11.1.0", "notistack": "^0.9.3", "nprogress": "^0.2.0", - "postcss": "^7.0.18", - "prismjs": "^1.17.1", + "postcss": "^7.0.36", + "prismjs": "^1.25.0", "prop-types": "^15.7.2", "raw-loader": "^1.0.0", "react": "^16.13.0", @@ -113,7 +115,8 @@ "url-loader": "^2.1.0", "webfontloader": "^1.6.28", "webpack": "^4.41.0", - "webpack-bundle-analyzer": "^3.5.1" + "webpack-bundle-analyzer": "^4.0.0", + "@snyk/protect": "latest" }, "devDependencies": { "@babel/plugin-transform-react-constant-elements": "^7.8.3", @@ -121,5 +124,6 @@ "babel-plugin-unwrap-createstyles": "^4.1.0", "cpy-cli": "^3.0.0", "gm": "^1.23.0" - } + }, + "snyk": true }