From 47dfb5b66082e2815139c456d3e2e15465fc681c Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Sat, 18 Mar 2023 01:57:04 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-APOLLOCLIENT-1085706 - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 - https://snyk.io/vuln/SNYK-JS-AXIOS-1579269 - https://snyk.io/vuln/SNYK-JS-AXIOS-174505 - https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181 - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-IMMER-1019369 - https://snyk.io/vuln/SNYK-JS-IMMER-1540542 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-NETMASK-1089716 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311 - https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857 - https://snyk.io/vuln/SNYK-JS-PM2-474304 - https://snyk.io/vuln/SNYK-JS-PM2-474345 - https://snyk.io/vuln/SNYK-JS-QS-3153490 - https://snyk.io/vuln/SNYK-JS-STYLEDCOMPONENTS-3149924 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 - https://snyk.io/vuln/SNYK-JS-VIZION-565230 - https://snyk.io/vuln/SNYK-JS-WEBPACK-3358798 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XLSX-1311137 - https://snyk.io/vuln/SNYK-JS-XLSX-1311139 - https://snyk.io/vuln/SNYK-JS-XLSX-1311141 - https://snyk.io/vuln/SNYK-JS-XLSX-585898 - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:truncate:20180225 - https://snyk.io/vuln/npm:xlsx:20180222 The following vulnerabilities are fixed with a Snyk patch: - 
https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 12 ++++++++++++
 package.json | 42 +++++++++++++++++++++++-------------------
 2 files changed, 35 insertions(+), 19 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..bb29e66d2
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - react-google-maps > lodash:
+ patched: '2023-03-18T01:56:39.786Z'
+ - styled-components > babel-plugin-styled-components > lodash:
+ patched: '2023-03-18T01:56:39.786Z'
+ - pm2 > vizion > async > lodash:
+ patched: '2023-03-18T01:56:39.786Z'
diff --git a/package.json b/package.json
index 7f4697d7e..2a7482023 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
 "npm": "8.19"
 },
 "dependencies": {
- "@apollo/client": "3.2.0",
+ "@apollo/client": "3.4.0",
 "@babel/traverse": "7.18.0",
 "@datadog/browser-rum": "4.8.1",
 "@floating-ui/react-dom-interactions": "0.6.6",
@@ -27,13 +27,13 @@
 "arr-flatten": "1.1.0",
 "array-to-dictionary": "1.0.1",
 "axe-core": "4.3.3",
- "axios": "0.15.3",
+ "axios": "0.21.3",
 "battery-pack": "file:./packages/battery-pack",
 "bootstrap": "4.3.1",
 "chalk": "2.4.1",
 "chokidar": "3.5.1",
 "classnames": "2.2.5",
- "color": "0.11.1",
+ "color": "1.0.0",
 "compression": "1.7.3",
 "concurrently": "6.0.0",
 "consolidated-events": "2.0.2",
@@ -45,7 +45,7 @@
 "dd-trace": "3.15.0",
 "deepmerge": "4.0.0",
 "dotenv": "8.2.0",
- "express": "4.16.4",
+ "express": "4.17.3",
 "file-saver": "1.3.3",
 "focus-visible": "5.2.0",
 "graphql": "14.5.8",
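Review bot: The three `patched:` entries for SNYK-JS-LODASH-567746 have no effect on their own; they are applied only when `snyk-protect` runs after install, which this commit wires to the `prepare` script in package.json. An install that skips lifecycle scripts (for example `npm ci --ignore-scripts`, a common hardening setting) would leave the lodash copies under react-google-maps, styled-components and pm2 unpatched without any error. I would record that in the header, e.g. `# Applied at install time by the "prepare" script (snyk-protect); installs run with --ignore-scripts skip these patches.` It is also worth re-checking the `pm2 > vizion > async > lodash` path after the pm2 3.2.2 to 5.0.0 bump in the same commit, since the resolved tree may differ (the lockfile is not part of this diff).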
@@ -53,12 +53,12 @@
 "history": "2.1.2",
 "http-proxy-middleware": "2.0.1",
 "humps": "1.1.0",
- "immer": "6.0.1",
+ "immer": "9.0.6",
 "invariant": "2.2.4",
 "isomorphic-ws": "4.0.1",
 "jwt-decode": "2.2.0",
 "ldclient-js": "2.9.7",
- "lodash": "4.17.11",
+ "lodash": "4.17.21",
 "lru-cache": "4.0.1",
 "markdown-table": "1.1.2",
 "markdown-to-jsx": "7.1.9",
@@ -66,13 +66,13 @@
 "next-images": "1.8.1",
 "next-redux-wrapper": "7.0.5",
 "next-transpile-modules": "9.0.0",
- "node-fetch": "2.6.0",
+ "node-fetch": "2.6.7",
 "numeral": "1.5.3",
 "ordinal": "1.0.2",
 "patch-package": "6.4.7",
 "persona": "4.6.0",
- "pm2": "3.2.2",
- "prop-types": "15.6.0",
+ "pm2": "5.0.0",
+ "prop-types": "15.6.2",
 "query-string": "4.3.3",
 "raf": "3.3.0",
 "react": "16.14.0",
@@ -98,7 +98,7 @@
 "redux-thunk": "2.3.0",
 "reselect": "2.5.1",
 "rifm": "0.12.0",
- "rollbar": "2.3.9",
+ "rollbar": "2.4.1",
 "save": "2.9.0",
 "schema-dts": "1.1.0",
 "seamless-immutable": "7.1.2",
@@ -107,24 +107,25 @@
 "shallowequal": "1.1.0",
 "smoothscroll-polyfill": "0.4.4",
 "spark-md5": "3.0.1",
- "styled-components": "5.3.5",
+ "styled-components": "5.3.7",
 "swr": "1.3.0",
 "tailwindcss": "3.2.7",
 "truecar-resize-observer-polyfill": "1.5.1",
- "truncate": "2.0.0",
- "ua-parser-js": "0.7.20",
+ "truncate": "2.0.1",
+ "ua-parser-js": "0.7.24",
 "unfetch": "4.1.0",
 "universal-cookie": "4.0.4",
 "unused-webpack-plugin": "2.4.0",
 "url": "0.10.3",
 "use-immer": "0.3.5",
 "uuid": "3.3.3",
- "webpack": "5.72.1",
+ "webpack": "5.76.0",
 "wicg-inert": "3.1.1",
 "winston": "3.2.1",
- "ws": "7.1.2",
- "xlsx": "0.10.5",
- "xstate": "4.18.0"
+ "ws": "7.4.6",
+ "xlsx": "0.17.0",
+ "xstate": "4.18.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@babel/cli": "7.17.10",
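Review bot: `"@snyk/protect": "latest"` at the end of the `dependencies` object (which opens before this hunk) is the only floating version among the entries visible in this diff; every other one is pinned to an exact version. The same commit runs this package on every install through the `prepare` script, so whatever is published under the `latest` tag at install time executes on developer machines and CI without a reviewed version change. Pin it like the rest, `"@snyk/protect": "<exact-version>"` (placeholder; use the release you have vetted), so the lockfile records one version and its integrity hash. The diffstat lists only `.snyk` and `package.json` although the subject names `package-lock.json`, so the lockfile presumably still needs regenerating before these bumps take effect under `npm ci`.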
@@ -384,7 +385,9 @@
 "storybook:build": "build-storybook -c .storybook -o build/docs",
 "testcafe-sauce-edge": "testcafe 'saucelabs:MicrosoftEdge@latest:Windows 10,saucelabs:iPhone 11 Simulator@13.4' testcafe/tests/ -q -c 1 --skip-js-errors --browser-init-timeout 420000",
 "update-version": "node ./scripts/updateVersion.js",
- "find-unused": "ts-prune --ignore 'apps/consumer-next/pages|apps/dealer-next/pages|docs/|packages/|libs/' | grep -Ev 'index|Fragment'"
+ "find-unused": "ts-prune --ignore 'apps/consumer-next/pages|apps/dealer-next/pages|docs/|packages/|libs/' | grep -Ev 'index|Fragment'",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "pre-commit": [
 "prettier-staged"
@@ -396,5 +399,6 @@
 "react": "16.14.0",
 "react-dom": "16.14.0",
 "@types/react": "18.0.28"
- }
+ },
+ "snyk": true
 }
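Review bot: The new `prepare` entry is appended to a `scripts` object that opens outside this hunk, so confirm there is no earlier `prepare` key; JSON parsers keep only the last duplicate, and an existing hook would be dropped silently. `patch-package` is already listed in `dependencies` and is normally driven from an install-time script, so the order in which it and `snyk-protect` modify `node_modules` should be a deliberate choice (inferred; the existing hooks are not visible here). If a hook already exists, chain the two in one entry, `"prepare": "<existing-command> && npm run snyk-protect"` (placeholder for the current command).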