From f21b701141a40cb1de7603cd7391b7e9ccaaf67a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 03:52:26 +0100 Subject: [PATCH 1/2] fix: packages/react-dev-utils/package.json & packages/react-dev-utils/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/react-dev-utils/package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/react-dev-utils/package.json b/packages/react-dev-utils/package.json index 54606f33fe8..0a18409bc55 100644 --- a/packages/react-dev-utils/package.json +++ b/packages/react-dev-utils/package.json @@ -53,12 +53,16 @@ "shell-quote": "1.6.1", "sockjs-client": "1.1.4", "strip-ansi": "3.0.1", - "text-table": "0.2.0" + "text-table": "0.2.0", + "snyk": "^1.316.1" }, "devDependencies": { "jest": "20.0.4" }, "scripts": { - "test": "jest" - } + "test": "jest", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From ff63220ff4d78fbc5040c86d15ca9dc775994c45 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 03:52:27 +0100 Subject: [PATCH 2/2] fix: packages/react-dev-utils/package.json & packages/react-dev-utils/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/react-dev-utils/.snyk | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 packages/react-dev-utils/.snyk diff --git a/packages/react-dev-utils/.snyk b/packages/react-dev-utils/.snyk new file mode 100644 index 00000000000..5612be0cf7c --- /dev/null +++ b/packages/react-dev-utils/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - inquirer > lodash: + patched: '2020-05-01T02:52:24.453Z'