From acb84ae64bcbf6538bc94cf86298097629116f86 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 Feb 2020 04:55:15 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DOTPROP-543489 --- package.json | 2 +- yarn.lock | 116 +++++++++++++++++++++++++-------------------------- 2 files changed, 59 insertions(+), 59 deletions(-) diff --git a/package.json b/package.json index 940fd64a36..b3a0c6eb09 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "dependencies": { "cypress": "^3.4.1", - "snyk": "^1.288.0" + "snyk": "^1.290.1" }, "scripts": { "snyk-protect": "snyk protect", diff --git a/yarn.lock b/yarn.lock index c5d04c1dbc..99de53d039 100644 --- a/yarn.lock +++ b/yarn.lock @@ -41,7 +41,7 @@ dependencies: tslib "^1.9.3" -"@snyk/cli-interface@^2.0.3": +"@snyk/cli-interface@2.3.1", "@snyk/cli-interface@^2.0.3": version "2.3.1" resolved "https://registry.yarnpkg.com/@snyk/cli-interface/-/cli-interface-2.3.1.tgz#73f2f4bd717b9f03f096ede3ff5830eb8d2f3716" integrity sha512-JZvsmhDXSyjv1dkc12lPI3tNTNYlIaOiIQMYFg2RgqF3QmWjTyBUgRZcF7LoKyufHtS4dIudM6k1aHBpSaDrhw== @@ -68,6 +68,18 @@ dependencies: lodash "^4.17.13" +"@snyk/configstore@3.2.0-rc1", "@snyk/configstore@^3.2.0-rc1": + version "3.2.0-rc1" + resolved "https://registry.yarnpkg.com/@snyk/configstore/-/configstore-3.2.0-rc1.tgz#385c050d11926a26d0335a4b3be9e55f90f6e0ac" + integrity sha512-CV3QggFY8BY3u8PdSSlUGLibqbqCG1zJRmGM2DhnhcxQDRRPTGTP//l7vJphOVsUP1Oe23+UQsj7KRWpRUZiqg== + dependencies: + dot-prop "^5.2.0" + graceful-fs "^4.1.2" + make-dir "^1.0.0" + unique-string "^1.0.0" + write-file-atomic "^2.0.0" + xdg-basedir "^3.0.0" + "@snyk/dep-graph@1.13.1": version "1.13.1" resolved "https://registry.yarnpkg.com/@snyk/dep-graph/-/dep-graph-1.13.1.tgz#45721f7e21136b62d1cdd99b3319e717d9071dfb" @@ -115,6 +127,22 @@ source-map-support "^0.5.7" tslib "^1.9.3" +"@snyk/update-notifier@^2.5.1-rc2": + version "2.5.1-rc2" + resolved "https://registry.yarnpkg.com/@snyk/update-notifier/-/update-notifier-2.5.1-rc2.tgz#14bf816114b5698a255289d7170157f254202fad" + integrity sha512-dlled3mfpnAt3cQb5hxkFiqfPCj4Yk0xV8Yl5P8PeVv1pUmO7vI4Ka4Mjs4r6CYM5f9kZhviFPQQcWOIDlMRcw== + dependencies: + "@snyk/configstore" "3.2.0-rc1" + boxen "^1.3.0" + chalk "^2.3.2" + import-lazy "^2.1.0" + is-ci "^1.0.10" + is-installed-globally "^0.1.0" + is-npm "^1.0.0" + latest-version "^3.1.0" + semver-diff "^2.0.0" + xdg-basedir "^3.0.0" + "@types/agent-base@^4.2.0": version "4.2.0" resolved "https://registry.yarnpkg.com/@types/agent-base/-/agent-base-4.2.0.tgz#00644e8b395b40e1bf50aaf1d22cabc1200d5051" @@ -354,7 +382,7 @@ bluebird@3.5.0: resolved "https://registry.yarnpkg.com/bluebird/-/bluebird-3.5.0.tgz#791420d7f551eea2897453a8a77653f96606d67c" integrity sha1-eRQg1/VR7qKJdFOop3ZT+WYG1nw= -boxen@^1.2.1: +boxen@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/boxen/-/boxen-1.3.0.tgz#55c6c39a8ba58d9c61ad22cd877532deb665a20b" integrity sha512-TNPjfTr432qx7yOjQyaXm3dSR0MH9vXp7eT1BFSl/C51g+EFnOR9hTg1IreahGBmDNCehscshe45f+C1TBZbLw== @@ -417,7 +445,7 @@ caseless@~0.12.0: resolved "https://registry.yarnpkg.com/caseless/-/caseless-0.12.0.tgz#1b681c21ff84033c826543090689420d187151dc" integrity sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw= -chalk@2.4.2, chalk@^2.4.2: +chalk@2.4.2, chalk@^2.3.2, chalk@^2.4.2: version "2.4.2" resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424" integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== @@ -573,18 +601,6 @@ concat-stream@1.6.2: readable-stream "^2.2.2" typedarray "^0.0.6" -configstore@^3.0.0, configstore@^3.1.2: - version "3.1.2" - resolved "https://registry.yarnpkg.com/configstore/-/configstore-3.1.2.tgz#c6f25defaeef26df12dd33414b001fe81a543f8f" - integrity sha512-vtv5HtGjcYUgFrXc6Kx747B83MRRVS5R1VTEQoXvuP+kMI+if6uywV0nDGoiydJRy4yk7h9od5Og0kxx4zUXmw== - dependencies: - dot-prop "^4.1.0" - graceful-fs "^4.1.2" - make-dir "^1.0.0" - unique-string "^1.0.0" - write-file-atomic "^2.0.0" - xdg-basedir "^3.0.0" - core-js@^3.2.0: version "3.6.4" resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.6.4.tgz#440a83536b458114b9cb2ac1580ba377dc470647" @@ -757,12 +773,12 @@ dockerfile-ast@0.0.18: dependencies: vscode-languageserver-types "^3.5.0" -dot-prop@^4.1.0: - version "4.2.0" - resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-4.2.0.tgz#1f19e0c2e1aa0e32797c49799f2837ac6af69c57" - integrity sha512-tUMXrxlExSW6U2EXiiKGSBVdYgtV8qlHL+C10TsW4PURY/ic+eaysnSkwB4kA/mBlCyy/IKDJ+Lc3wbWeaXtuQ== +dot-prop@^5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-5.2.0.tgz#c34ecc29556dc45f1f4c22697b6f4904e0cc4fcb" + integrity sha512-uEUyaDKoSQ1M4Oq8l45hSE26SnTxL6snNnqvK/VWx5wJhmff5z0FUVJDKDanor/6w3kzE3i7XZOk+7wC0EXr1A== dependencies: - is-obj "^1.0.0" + is-obj "^2.0.0" dotnet-deps-parser@4.9.0: version "4.9.0" @@ -1343,10 +1359,10 @@ is-npm@^1.0.0: resolved "https://registry.yarnpkg.com/is-npm/-/is-npm-1.0.0.tgz#f2fb63a65e4905b406c86072765a1a4dc793b9f4" integrity sha1-8vtjpl5JBbQGyGBydloaTceTufQ= -is-obj@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-1.0.1.tgz#3e4729ac1f5fde025cd7d83a896dab9f4f67db0f" - integrity sha1-PkcprB9f3gJc19g6iW2rn09n2w8= +is-obj@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982" + integrity sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w== is-path-inside@^1.0.0: version "1.0.1" @@ -1467,7 +1483,7 @@ jszip@^3.1.5: readable-stream "~2.3.6" set-immediate-shim "~1.0.1" -latest-version@^3.0.0: +latest-version@^3.1.0: version "3.1.0" resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-3.1.0.tgz#a205383fea322b33b5ae3b18abee0dc2f356ee15" integrity sha1-ogU4P+oyKzO1rjsYq+4NwvNW7hU= @@ -2368,12 +2384,12 @@ snyk-module@1.9.1, snyk-module@^1.6.0, snyk-module@^1.9.1: debug "^3.1.0" hosted-git-info "^2.7.1" -snyk-mvn-plugin@2.7.0: - version "2.7.0" - resolved "https://registry.yarnpkg.com/snyk-mvn-plugin/-/snyk-mvn-plugin-2.7.0.tgz#39996df2a878b16a7e3cbe5b63a7c43855031d49" - integrity sha512-DLBt+6ZvtoleXE7Si3wAa6gdPSWsXdIQEY6m2zW2InN9WiaRwIEKMCY822eFmRPZVNNmZNRUIeQsoHZwv/slqQ== +snyk-mvn-plugin@2.8.0: + version "2.8.0" + resolved "https://registry.yarnpkg.com/snyk-mvn-plugin/-/snyk-mvn-plugin-2.8.0.tgz#20c4201debd99928ade099fd426d13bd17b2cc85" + integrity sha512-Jt6lsVOFOYj7rp0H2IWz/BZS9xxaO0jEFTAoafLCocJIWWuGhPpVocCqmh/hrYAdKY9gS4gVOViMJ3EvcC1r1Q== dependencies: - "@snyk/cli-interface" "2.2.0" + "@snyk/cli-interface" "2.3.1" debug "^4.1.1" lodash "^4.17.15" needle "^2.4.0" @@ -2437,10 +2453,10 @@ snyk-policy@1.13.5: snyk-try-require "^1.3.1" then-fs "^2.0.0" -snyk-python-plugin@1.16.0: - version "1.16.0" - resolved "https://registry.yarnpkg.com/snyk-python-plugin/-/snyk-python-plugin-1.16.0.tgz#0eae3c085a87b7d91f8097f598571104c01e0f08" - integrity sha512-IA53xOcy1s881tbIrIXNqIuCNozd4PAVWN8oF0xgRn2NQbq0e7EWt7kFPJbmZodpLCDpXaKKqV2MHbXruFIsrw== +snyk-python-plugin@1.17.0: + version "1.17.0" + resolved "https://registry.yarnpkg.com/snyk-python-plugin/-/snyk-python-plugin-1.17.0.tgz#9bc38ba3c799c3cbef7676a1081f52608690d254" + integrity sha512-EKdVOUlvhiVpXA5TeW8vyxYVqbITAfT+2AbL2ZRiiUNLP5ae+WiNYaPy7aB5HAS9IKBKih+IH8Ag65Xu1IYSYA== dependencies: "@snyk/cli-interface" "^2.0.3" tmp "0.0.33" @@ -2504,22 +2520,23 @@ snyk-try-require@1.3.1, snyk-try-require@^1.1.1, snyk-try-require@^1.3.1: lru-cache "^4.0.0" then-fs "^2.0.0" -snyk@^1.288.0: - version "1.288.0" - resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.288.0.tgz#ea0ab2cd29ccbc9575a7bfae9ecfaf8adf0cbcc3" - integrity sha512-w4um5kCDm4rBbBKq2Vs1imuOoCDkfgI3iLhw7B3oV4F00NjWKQmEC/g7kPTaMNnIS3PP1y+eljd3TD3Rwtc9Ag== +snyk@^1.290.1: + version "1.290.2" + resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.290.2.tgz#a5e36e735a8083464263abdb266b6c9b3d46de7f" + integrity sha512-siieHkSY/b3Yw1Gf84L07j65m2Bht1PamAbX3cmZ1zAzsUxfXpqZq5W9PlAp5z1d0Tp1vxsQmXw6UGW0K1Tq1Q== dependencies: "@snyk/cli-interface" "2.3.0" + "@snyk/configstore" "^3.2.0-rc1" "@snyk/dep-graph" "1.13.1" "@snyk/gemfile" "1.2.0" "@snyk/snyk-cocoapods-plugin" "2.0.1" + "@snyk/update-notifier" "^2.5.1-rc2" "@types/agent-base" "^4.2.0" "@types/restify" "^4.3.6" abbrev "^1.1.1" ansi-escapes "3.2.0" chalk "^2.4.2" cli-spinner "0.2.10" - configstore "^3.1.2" debug "^3.1.0" diff "^4.0.1" git-url-parse "11.1.2" @@ -2537,12 +2554,12 @@ snyk@^1.288.0: snyk-go-plugin "1.11.1" snyk-gradle-plugin "3.2.4" snyk-module "1.9.1" - snyk-mvn-plugin "2.7.0" + snyk-mvn-plugin "2.8.0" snyk-nodejs-lockfile-parser "1.17.0" snyk-nuget-plugin "1.16.0" snyk-php-plugin "1.7.0" snyk-policy "1.13.5" - snyk-python-plugin "1.16.0" + snyk-python-plugin "1.17.0" snyk-resolve "1.0.1" snyk-resolve-deps "4.4.0" snyk-sbt-plugin "2.11.0" @@ -2552,7 +2569,6 @@ snyk@^1.288.0: strip-ansi "^5.2.0" tempfile "^2.0.0" then-fs "^2.0.0" - update-notifier "^2.5.0" uuid "^3.3.2" wrap-ansi "^5.1.0" @@ -2864,22 +2880,6 @@ unzip-response@^2.0.1: resolved "https://registry.yarnpkg.com/unzip-response/-/unzip-response-2.0.1.tgz#d2f0f737d16b0615e72a6935ed04214572d56f97" integrity sha1-0vD3N9FrBhXnKmk17QQhRXLVb5c= -update-notifier@^2.5.0: - version "2.5.0" - resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-2.5.0.tgz#d0744593e13f161e406acb1d9408b72cad08aff6" - integrity sha512-gwMdhgJHGuj/+wHJJs9e6PcCszpxR1b236igrOkUofGhqJuG+amlIKwApH1IW1WWl7ovZxsX49lMBWLxSdm5Dw== - dependencies: - boxen "^1.2.1" - chalk "^2.0.1" - configstore "^3.0.0" - import-lazy "^2.1.0" - is-ci "^1.0.10" - is-installed-globally "^0.1.0" - is-npm "^1.0.0" - latest-version "^3.0.0" - semver-diff "^2.0.0" - xdg-basedir "^3.0.0" - uri-js@^4.2.2: version "4.2.2" resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0"