From 20d2ad5f1cc48948322ee5d0a12f54999ff92c61 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 5 Aug 2021 15:48:48 +0300
Subject: [PATCH] [Snyk] Fix for 4 vulnerabilities (#705)

* fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-FLAT-596927
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724

* Update package.json

Co-authored-by: eti-codefresh <85868206+eti-codefresh@users.noreply.github.com>
---
 package.json |  8 ++++----
 yarn.lock    | 27 ++++++++++++++++++++++-----
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/package.json b/package.json
index e0cc2d350..977a1fc28 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codefresh",
-  "version": "0.75.34",
+  "version": "0.75.35",
   "description": "Codefresh command line utility",
   "main": "index.js",
   "preferGlobal": true,
@@ -32,9 +32,9 @@
   "dependencies": {
     "@codefresh-io/docker-reference": "^0.0.5",
     "adm-zip": "^0.5.5",
-    "ajv": "^6.6.1",
+    "ajv": "^6.12.3",
     "bluebird": "^3.5.1",
-    "cf-errors": "^0.1.15",
+    "cf-errors": "^0.1.16",
     "chalk": "^4.1.0",
     "cli-progress": "3.6.0",
     "codefresh-sdk": "^1.9.22",
@@ -52,7 +52,7 @@
     "figlet": "^1.4.0",
     "filesize": "^3.5.11",
     "firebase": "git+https://github.com/codefresh-io/firebase.git#80b2ed883ff281cd67b53bd0f6a0bbd6f330fed5",
-    "flat": "^4.1.0",
+    "flat": "^4.1.1",
     "inquirer": "^7.1.0",
     "js-yaml": "^3.10.0",
     "jsonwebtoken": "^8.1.0",
diff --git a/yarn.lock b/yarn.lock
index 9ffea5a7f..e2d50ce0b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -265,7 +265,17 @@ ajv@^5.2.3, ajv@^5.3.0:
     fast-json-stable-stringify "^2.0.0"
     json-schema-traverse "^0.3.0"
 
-ajv@^6.5.5, ajv@^6.6.1:
+ajv@^6.12.3:
+  version "6.12.6"
+  resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4"
+  integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==
+  dependencies:
+    fast-deep-equal "^3.1.1"
+    fast-json-stable-stringify "^2.0.0"
+    json-schema-traverse "^0.4.1"
+    uri-js "^4.2.2"
+
+ajv@^6.5.5:
   version "6.12.2"
   resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.2.tgz#c629c5eced17baf314437918d2da88c99d5958cd"
   integrity sha512-k+V+hzjm5q/Mr8ef/1Y9goCmlsK4I6Sm74teeyGvFk1XrOsbsKLjEdrvny42CZ+a8sXbk8KWpY/bDwS+FLL2UQ==
@@ -903,6 +913,13 @@ cf-errors@^0.1.15:
   dependencies:
     lodash "4.17.20"
 
+cf-errors@^0.1.16:
+  version "0.1.16"
+  resolved "https://registry.yarnpkg.com/cf-errors/-/cf-errors-0.1.16.tgz#03d0b050ac94762552792907b08bd39d1a012116"
+  integrity sha512-ewA6cTS+bVC32NCxIdEu/5HQ8zb09PV1ubdu0t2yPXs51K31gI78+XGEomVjaXdTbZcGBPVIWhFnG6R/U7K4IQ==
+  dependencies:
+    lodash "^4.17.21"
+
 chalk@2.4.2, chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.4.2, chalk@~2.4.1:
   version "2.4.2"
   resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
@@ -2132,10 +2149,10 @@ flat-cache@^1.2.1:
     rimraf "~2.6.2"
     write "^0.2.1"
 
-flat@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/flat/-/flat-4.1.0.tgz#090bec8b05e39cba309747f1d588f04dbaf98db2"
-  integrity sha512-Px/TiLIznH7gEDlPXcUD4KnBusa6kR6ayRUVcnEAbreRIuhkqow/mun59BuRXwoYk7ZQOLW1ZM05ilIvK38hFw==
+flat@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/flat/-/flat-4.1.1.tgz#a392059cc382881ff98642f5da4dde0a959f309b"
+  integrity sha512-FmTtBsHskrU6FJ2VxCnsDb84wu9zhmO3cUX2kGFb5tuwhfXxGciiT0oRY+cck35QmG+NmGh5eLz6lLCpWTqwpA==
   dependencies:
     is-buffer "~2.0.3"