From cc0d385116e3577256996a12c5900ad6f06c586b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 4 May 2020 07:26:44 +0300 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 49a3046a..f61ca171 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,7 @@ "socketio-sticky-session": "^0.4.1", "swig": "^1.3.2", "uglify-js": "^2.7.0", - "snyk": "^1.17.5" + "snyk": "^1.317.0" }, "devDependencies": { "chai": "^3.5.0", From a5282b5e94381d7180b2e099b50a1d2ad1961405 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 4 May 2020 07:26:45 +0300 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.snyk b/.snyk index b65c2306..649bbeb8 100644 --- a/.snyk +++ b/.snyk @@ -1,6 +1,21 @@ -version: v1.5.0 +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 ignore: {} +# patches apply the minimum changes required to fix a vulnerability patch: 'npm:uglify-js:20151024': - swig > uglify-js: patched: '2016-07-04T07:52:36.120Z' + SNYK-JS-LODASH-567746: + - lodash: + patched: '2020-05-04T04:26:42.261Z' + - assetmanager > lodash: + patched: '2020-05-04T04:26:42.261Z' + - mongoose > async > lodash: + patched: '2020-05-04T04:26:42.261Z' + - assetmanager > grunt > grunt-legacy-log > lodash: + patched: '2020-05-04T04:26:42.261Z' + - assetmanager > grunt > grunt-legacy-util > lodash: + patched: '2020-05-04T04:26:42.261Z' + - assetmanager > grunt > grunt-legacy-log > grunt-legacy-log-utils > lodash: + patched: '2020-05-04T04:26:42.261Z'