From 32a156f8b2ccb3920144b3f9d1fada2e4482517d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 23 Jun 2022 20:28:25 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GOT-2932019 --- package.json | 2 +- yarn.lock | 135 +++------------------------------------------------ 2 files changed, 8 insertions(+), 129 deletions(-) diff --git a/package.json b/package.json index adbc551..ad1de61 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "graphql": "^14.6.0", "graphql-type-json": "^0.3.1", "shelljs": "^0.8.3", - "snyk": "^1.335.0", + "snyk": "^1.680.0", "tar": "^6.0.1", "tar-fs": "^2.0.0", "tar-stream": "^2.1.0" diff --git a/yarn.lock b/yarn.lock index 4111396..8540c9b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -580,14 +580,6 @@ dependencies: tslib "^1.9.3" -"@snyk/cli-interface@2.6.0": - version "2.6.0" - resolved "https://registry.yarnpkg.com/@snyk/cli-interface/-/cli-interface-2.6.0.tgz#e64a00af0304b2055fe786f17325346cacdd4912" - integrity sha512-jtk0gf80v4mFyDqaQNokD8GOPMTXpIUL35ewg6jtmuZw41xt56WF9kqCjiiViSRRRYA0RK+RuiVfmJA5pxvMUQ== - dependencies: - "@snyk/graphlib" "2.1.9-patch" - tslib "^1.9.3" - "@snyk/cli-interface@2.8.0", "@snyk/cli-interface@^2.0.3": version "2.8.0" resolved "https://registry.yarnpkg.com/@snyk/cli-interface/-/cli-interface-2.8.0.tgz#ee5b45b7c75942163875b29e712c44f9d7f36bb3" @@ -700,36 +692,11 @@ temp-dir "^2.0.0" tslib "^1.9.3" -"@snyk/java-call-graph-builder@1.8.1": - version "1.8.1" - resolved "https://registry.yarnpkg.com/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.8.1.tgz#89505a495de73dad22e69bf3d96572e6bd6b925f" - integrity sha512-2G96dChYYXV73G8y9U0fi45dH6ybOjUSRBTJrMnmNkHJoOp1bzz8L4p5rkRypHQqr4SBS1EdCQeRw1eWRLm+Lg== - dependencies: - "@snyk/graphlib" "2.1.9-patch" - "@snyk/lodash" "4.17.15-patch" - ci-info "^2.0.0" - debug "^4.1.1" - glob "^7.1.6" - jszip "^3.2.2" - needle "^2.3.3" - progress "^2.0.3" - snyk-config "^3.0.0" - source-map-support "^0.5.7" - temp-dir "^2.0.0" - tslib "^1.9.3" - "@snyk/lodash@4.17.15-patch", "@snyk/lodash@^4.17.15-patch": version "4.17.15-patch" resolved "https://registry.yarnpkg.com/@snyk/lodash/-/lodash-4.17.15-patch.tgz#fb61af14b75d10a20015b40af5d0423944af89dc" integrity sha512-e4+t34bGyjjRnwXwI14hqye9J/nRbG9iwaqTgXWHskm5qC+iK0UrjgYdWXiHJCf3Plbpr+1rpW+4LPzZnCGMhQ== -"@snyk/rpm-parser@^1.1.0": - version "1.2.0" - resolved "https://registry.yarnpkg.com/@snyk/rpm-parser/-/rpm-parser-1.2.0.tgz#e3dde9bdf9debc26203cac22bf5a4d9f5451c5e7" - integrity sha512-9D2Vjg9LAONz9hHNPd/ORYF5Mv1Yw/uhJpJbwI3YRxKjlB3JY2UNLSVl1XWWr03hA1M+3rNAwVeOZNm3IJajgw== - dependencies: - event-loop-spinner "1.1.0" - "@snyk/rpm-parser@^2.0.0": version "2.0.0" resolved "https://registry.yarnpkg.com/@snyk/rpm-parser/-/rpm-parser-2.0.0.tgz#4ded7fa4b0a8efca7699359e4ca7a79bfbe38bc1" @@ -3371,7 +3338,7 @@ etag@~1.8.1: resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887" integrity sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc= -event-loop-spinner@1.1.0, event-loop-spinner@^1.1.0: +event-loop-spinner@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/event-loop-spinner/-/event-loop-spinner-1.1.0.tgz#96de9c70e6e2b0b3e257b0901e25e792e3c9c8d0" integrity sha512-YVFs6dPpZIgH665kKckDktEVvSBccSYJmoZUfhNUdv5d3Xv+Q+SKF4Xis1jolq9aBzuW1ZZhQh/m/zU/TPdDhw== @@ -5842,7 +5809,7 @@ ncp@1.0.x: resolved "https://registry.yarnpkg.com/ncp/-/ncp-1.0.1.tgz#d15367e5cb87432ba117d2bf80fdf45aecfb4246" integrity sha1-0VNn5cuHQyuhF9K/gP30Wuz7QkY= -needle@^2.3.3, needle@^2.4.0, needle@^2.5.0: +needle@^2.3.3, needle@^2.5.0: version "2.5.0" resolved "https://registry.yarnpkg.com/needle/-/needle-2.5.0.tgz#e6fc4b3cc6c25caed7554bd613a5cf0bac8c31c0" integrity sha512-o/qITSDR0JCyCKEQ1/1bnUXMmznxabbwi/Y4WwJElf+evwJNFNwIDMCCt5IigFVxgeGBJESLohGtIS9gEzo1fA== @@ -7351,22 +7318,6 @@ snyk-docker-plugin@3.12.3: tar-stream "^2.1.0" tslib "^1" -snyk-docker-plugin@3.6.3: - version "3.6.3" - resolved "https://registry.yarnpkg.com/snyk-docker-plugin/-/snyk-docker-plugin-3.6.3.tgz#91d52417a4de010071b739d8900e3f0f7a98ab98" - integrity sha512-+9pQc9+tetzMiUIV42WA3LAUkrZh6hhkhURv1X4kKyo2c1C8PSbCmpvycx/irilzfmH7dqBv0RXmb4vONPBXHA== - dependencies: - "@snyk/rpm-parser" "^1.1.0" - debug "^4.1.1" - docker-modem "2.1.3" - dockerfile-ast "0.0.19" - event-loop-spinner "^1.1.0" - gunzip-maybe "^1.4.2" - semver "^6.1.0" - snyk-nodejs-lockfile-parser "1.22.0" - tar-stream "^2.1.0" - tslib "^1" - snyk-go-parser@1.4.1: version "1.4.1" resolved "https://registry.yarnpkg.com/snyk-go-parser/-/snyk-go-parser-1.4.1.tgz#df16a5fbd7a517ee757268ef081abc33506c8857" @@ -7386,19 +7337,6 @@ snyk-go-plugin@1.14.2: tmp "0.1.0" tslib "^1.10.0" -snyk-gradle-plugin@3.4.0: - version "3.4.0" - resolved "https://registry.yarnpkg.com/snyk-gradle-plugin/-/snyk-gradle-plugin-3.4.0.tgz#9a01b07f3dc68fe7c7ff203a151042b32ec7dab0" - integrity sha512-J/yABmPJstHir++eFw65amm0Y0C7b9WH+tW4Tm90Lo3dj+p/9JDMuVimzHXpkwmkIZI2RPd58igs5XdSDFh6Aw== - dependencies: - "@snyk/cli-interface" "2.3.2" - "@snyk/dep-graph" "^1.17.0" - "@types/debug" "^4.1.4" - chalk "^3.0.0" - debug "^4.1.1" - tmp "0.2.1" - tslib "^2.0.0" - snyk-gradle-plugin@3.5.0: version "3.5.0" resolved "https://registry.yarnpkg.com/snyk-gradle-plugin/-/snyk-gradle-plugin-3.5.0.tgz#6e3280ef8b4965978fa7cd4664480b23234e1049" @@ -7438,18 +7376,6 @@ snyk-module@^2.0.2: debug "^3.1.0" hosted-git-info "^2.7.1" -snyk-mvn-plugin@2.15.2: - version "2.15.2" - resolved "https://registry.yarnpkg.com/snyk-mvn-plugin/-/snyk-mvn-plugin-2.15.2.tgz#ed0692c90495e39013016c8b03f5589d37d35b9c" - integrity sha512-2TTRizQxfUrA9w0pjxxsvGE+FgFSgog2wwpm378jNiKAZazGgV0txVMM4CoZJMz/tbUmzaJSS8DMQe1C7wlBFQ== - dependencies: - "@snyk/cli-interface" "2.5.0" - "@snyk/java-call-graph-builder" "1.8.1" - debug "^4.1.1" - needle "^2.4.0" - tmp "^0.1.0" - tslib "1.11.1" - snyk-mvn-plugin@2.17.1: version "2.17.1" resolved "https://registry.yarnpkg.com/snyk-mvn-plugin/-/snyk-mvn-plugin-2.17.1.tgz#b156709905036ed808b71bd5e682d99a681c153c" @@ -7588,58 +7514,6 @@ snyk-try-require@1.3.1, snyk-try-require@^1.1.1, snyk-try-require@^1.3.1: lru-cache "^4.0.0" then-fs "^2.0.0" -snyk@^1.335.0: - version "1.336.0" - resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.336.0.tgz#674056ea4f444d33cc23263845eea903d60b686c" - integrity sha512-Dzk2xpaHZahZmjM8s3VHRPJgU1q28MAZr1TfnuRLIGDRT4eRiUdiFWdFMC6xqto7VJGJr31HYn1Di4Luv/1Bgg== - dependencies: - "@snyk/cli-interface" "2.6.0" - "@snyk/dep-graph" "1.18.3" - "@snyk/gemfile" "1.2.0" - "@snyk/graphlib" "2.1.9-patch" - "@snyk/inquirer" "6.2.2-patch" - "@snyk/lodash" "^4.17.15-patch" - "@snyk/ruby-semver" "2.2.0" - "@snyk/snyk-cocoapods-plugin" "2.3.0" - abbrev "^1.1.1" - ansi-escapes "3.2.0" - chalk "^2.4.2" - cli-spinner "0.2.10" - configstore "^5.0.1" - debug "^3.1.0" - diff "^4.0.1" - glob "^7.1.3" - ipaddr.js "^1.9.1" - needle "^2.5.0" - open "^7.0.3" - os-name "^3.0.0" - proxy-agent "^3.1.1" - proxy-from-env "^1.0.0" - semver "^6.0.0" - snyk-config "3.1.0" - snyk-docker-plugin "3.6.3" - snyk-go-plugin "1.14.2" - snyk-gradle-plugin "3.4.0" - snyk-module "3.1.0" - snyk-mvn-plugin "2.15.2" - snyk-nodejs-lockfile-parser "1.22.0" - snyk-nuget-plugin "1.18.1" - snyk-php-plugin "1.9.0" - snyk-policy "1.14.1" - snyk-python-plugin "1.17.1" - snyk-resolve "1.0.1" - snyk-resolve-deps "4.4.0" - snyk-sbt-plugin "2.11.0" - snyk-tree "^1.0.0" - snyk-try-require "1.3.1" - source-map-support "^0.5.11" - strip-ansi "^5.2.0" - tempfile "^2.0.0" - then-fs "^2.0.0" - update-notifier "^4.1.0" - uuid "^3.3.2" - wrap-ansi "^5.1.0" - snyk@^1.345.1: version "1.345.1" resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.345.1.tgz#f2b4466ce2fc33080502c452fced418d6856a5a1" @@ -7692,6 +7566,11 @@ snyk@^1.345.1: uuid "^3.3.2" wrap-ansi "^5.1.0" +snyk@^1.680.0: + version "1.958.0" + resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.958.0.tgz#74952203080d570267f83b1ef2344520eef2667c" + integrity sha512-TyZzIRlel6Lolm+tC2vvVH1Jkv9yHdbHn86bZ+7jaUzIKKL0SQRpUCdQHx1EENJks8AnnBse7SY3acGt2PG7XQ== + socks-proxy-agent@^4.0.1: version "4.0.2" resolved "https://registry.yarnpkg.com/socks-proxy-agent/-/socks-proxy-agent-4.0.2.tgz#3c8991f3145b2799e70e11bd5fbc8b1963116386"