From d39a0770dee2f0ac1fdb87b7a18685b235efdf00 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 21 Aug 2023 02:29:27 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 10 ++++++++++ package.json | 16 ++++++++++------ 2 files changed, 20 insertions(+), 6 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..48d99290 --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - solium > lodash: + patched: '2023-08-21T02:29:23.814Z' + id: SNYK-JS-LODASH-567746 + path: solium > lodash diff --git a/package.json b/package.json index 4a9177e9..c60fd176 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,9 @@ "test": "truffle test", "lint": "solium --dir ./contracts", "prepublishOnly": "truffle compile && truffle networks --clean", - "pub": "npm run prepublishOnly && npm publish" + "pub": "npm run prepublishOnly && npm publish", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "main": "index.js", "repository": { @@ -23,13 +25,15 @@ "bluebird": "^3.5.2", "eth-ens-namehash": "^2.0.8", "solc": "^0.5.13", - "testrpc": "0.0.1" + "testrpc": "0.0.1", + "@snyk/protect": "latest" }, "devDependencies": { "@ensdomains/test-utils": "1.3.0", - "solidity-coverage": "^0.4.14", + "solidity-coverage": "^0.6.0", "solium": "^1.0.4", - "web3-utils": "^1.3.0", - "truffle": "^5.1.62" - } + "web3-utils": "^1.3.6", + "truffle": "^5.6.7" + }, + "snyk": true }