From d19d2b2c6f476218790743cb4adc352b6065c267 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 Sep 2023 13:49:24 +0000 Subject: [PATCH] fix: package.json, yarn.lock & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:stringstream:20180511 --- .snyk | 19 ++++++++ package.json | 134 ++++++++++++++++++++++++++------------------------- yarn.lock | 5 ++ 3 files changed, 93 insertions(+), 65 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..b303cd6 --- /dev/null +++ b/.snyk @@ -0,0 +1,19 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:extend:20180424': + - next > webpack > watchpack > chokidar > fsevents > node-pre-gyp > request > extend: + patched: '2023-09-01T13:48:44.028Z' + id: 'npm:extend:20180424' + path: >- + next > webpack > watchpack > chokidar > fsevents > node-pre-gyp > + request > extend + 'npm:stringstream:20180511': + - next > webpack > watchpack > chokidar > fsevents > node-pre-gyp > request > stringstream: + patched: '2023-09-01T13:48:44.028Z' + id: 'npm:stringstream:20180511' + path: >- + next > webpack > watchpack > chokidar > fsevents > node-pre-gyp > + request > stringstream diff --git a/package.json b/package.json index ed14a84..1ecf35a 100644 --- a/package.json +++ b/package.json @@ -1,68 +1,72 @@ { - "name": "nimbletank-nextjs-boilerplate", - "version": "0.0.0", - "description": "Next.js Boilerplate for Nimbletank projects", - "main": "index.js", - "scripts": { - "dev": "next", - "build": "next build", - "start": "next start", - "test": "jest", - "test:watch": "jest --watch", - "test:coverage": "jest --coverage", - "format:js": "prettier-standard 'components/**/*.js' 'pages/**/*.js' '.storybook/**/*.js' 'layouts/**/*.js'", - "lint:js": "standard", - "precommit": "lint-staged", - "storybook:run": "BABEL_ENV=test start-storybook -s ./static -p 9001 -c .storybook", - "storybook:build": "BABEL_ENV=test build-storybook -s ./static -c .storybook -o .out" - }, - "lint-staged": { - "linters": { - "(components|pages|.storybook)/**/*.js": [ - "prettier-standard", - "test", - "git add" - ] - } - }, - "keywords": [ - "react", - "react.js", - "next.js" - ], - "author": "Zander Martineau", - "license": "MIT", - "dependencies": { - "axios": "^0.17.1", - "design-system-utils": "^0.10.0", - "emotion": "^8.0.11", - "emotion-server": "^8.0.11", - "emotion-theming": "^8.0.11", - "next": "^4.1.4", - "polished": "^1.9.0", - "react": "^16.1.1", - "react-dom": "^16.0.0", - "react-emotion": "^8.0.11", - "styled-system": "^1.0.8" - }, - "devDependencies": { - "@storybook/addon-actions": "^3.2.6", - "@storybook/addon-info": "^3.2.14", - "@storybook/addon-knobs": "^3.2.14", - "@storybook/addon-options": "^3.2.6", - "@storybook/react": "^3.2.8", - "babel-plugin-emotion": "^8.0.11", - "babel-plugin-inline-react-svg": "^0.5.1", - "enzyme": "^3.1.1", - "enzyme-to-json": "^3.2.2", - "eslint": "^4.10.0", - "husky": "^0.14.3", - "jest": "^21.2.1", - "lint-staged": "^5.0.0", - "prettier": "^1.8.0", - "prettier-standard": "^7.0.3", - "react-test-renderer": "^16.0.0", - "storybook-addon-jsx": "^5.0.0", - "storybook-readme": "3.1.1" + "name": "nimbletank-nextjs-boilerplate", + "version": "0.0.0", + "description": "Next.js Boilerplate for Nimbletank projects", + "main": "index.js", + "scripts": { + "dev": "next", + "build": "next build", + "start": "next start", + "test": "jest", + "test:watch": "jest --watch", + "test:coverage": "jest --coverage", + "format:js": "prettier-standard 'components/**/*.js' 'pages/**/*.js' '.storybook/**/*.js' 'layouts/**/*.js'", + "lint:js": "standard", + "precommit": "lint-staged", + "storybook:run": "BABEL_ENV=test start-storybook -s ./static -p 9001 -c .storybook", + "storybook:build": "BABEL_ENV=test build-storybook -s ./static -c .storybook -o .out", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "lint-staged": { + "linters": { + "(components|pages|.storybook)/**/*.js": [ + "prettier-standard", + "test", + "git add" + ] } + }, + "keywords": [ + "react", + "react.js", + "next.js" + ], + "author": "Zander Martineau", + "license": "MIT", + "dependencies": { + "axios": "^0.17.1", + "design-system-utils": "^0.10.0", + "emotion": "^8.0.11", + "emotion-server": "^8.0.11", + "emotion-theming": "^8.0.11", + "next": "^4.1.4", + "polished": "^1.9.0", + "react": "^16.1.1", + "react-dom": "^16.0.0", + "react-emotion": "^8.0.11", + "styled-system": "^1.0.8", + "@snyk/protect": "latest" + }, + "devDependencies": { + "@storybook/addon-actions": "^3.2.6", + "@storybook/addon-info": "^3.2.14", + "@storybook/addon-knobs": "^3.2.14", + "@storybook/addon-options": "^3.2.6", + "@storybook/react": "^3.2.8", + "babel-plugin-emotion": "^8.0.11", + "babel-plugin-inline-react-svg": "^0.5.1", + "enzyme": "^3.1.1", + "enzyme-to-json": "^3.2.2", + "eslint": "^4.10.0", + "husky": "^0.14.3", + "jest": "^21.2.1", + "lint-staged": "^5.0.0", + "prettier": "^1.8.0", + "prettier-standard": "^7.0.3", + "react-test-renderer": "^16.0.0", + "storybook-addon-jsx": "^5.0.0", + "storybook-readme": "3.1.1" + }, + "snyk": true } diff --git a/yarn.lock b/yarn.lock index 65e9ad4..161b667 100644 --- a/yarn.lock +++ b/yarn.lock @@ -114,6 +114,11 @@ version "10.2.1" resolved "https://registry.yarnpkg.com/@sheerun/eslint-config-standard/-/eslint-config-standard-10.2.1.tgz#7d73397369c396b3625cab6ec313f6d4208300ef" +"@snyk/protect@^1.1209.0": + version "1.1209.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1209.0.tgz#9e938362cf684576ead289916274cf8bd5f4e0ce" + integrity sha512-E370Imyh7tnkgaYJdjL+Skb7thgcPcSiIISbUhA6/ZtjKGzGLveLXGAjID9nQlizoO+P+D3UfssnE16GJZjWPw== + "@storybook/addon-actions@^3.2.17", "@storybook/addon-actions@^3.2.6": version "3.2.17" resolved "https://registry.yarnpkg.com/@storybook/addon-actions/-/addon-actions-3.2.17.tgz#e85d38f743125157fdaf6669708e089bc2008e50"