From 68b92686c087d9a89c09fbe511843b23e276b635 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Tue, 9 Jul 2019 01:39:21 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MARKED-451540 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 29 ++++++++++++++++++++++++++++- package.json | 4 ++-- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/.snyk b/.snyk index 2b58f27..9fba6d4 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.7.1 +version: v1.13.5 ignore: {} # patches apply the minimum changes required to fix a vulnerability patch: @@ -8,3 +8,30 @@ patch: patched: '2017-09-26T06:47:08.890Z' - gulp-mocha > mocha > debug: patched: '2017-09-26T06:47:08.890Z' + SNYK-JS-LODASH-450202: + - gulp-jshint > jshint > lodash: + patched: '2019-07-09T01:39:19.876Z' + - jshint > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-config > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > inquirer > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-nuget-plugin > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > @snyk/dep-graph > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-nodejs-lockfile-parser > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-mvn-plugin > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-go-plugin > graphlib > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-nodejs-lockfile-parser > graphlib > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > snyk-php-plugin > @snyk/composer-lockfile-parser > lodash: + patched: '2019-07-09T01:39:19.876Z' + - snyk > @snyk/dep-graph > graphlib > lodash: + patched: '2019-07-09T01:39:19.876Z' diff --git a/package.json b/package.json index 5d5b6e0..7b0e8be 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "gulp-mocha": "^5.0.0", "jshint": "^2.8.0", "liquid.js": "^1.3.2", - "marked": "^0.3.5", + "marked": "^0.4.0", "mocha": "^5.0.3", "mock-spawn": "^0.2.6", "sinon": "^1.15.4", @@ -31,7 +31,7 @@ "underscore": "^1.8.3", "watchify": "^3.6.1", "yamljs": "^0.2.4", - "snyk": "^1.41.1" + "snyk": "^1.192.4" }, "snyk": true }