diff --git a/.snyk b/.snyk new file mode 100644 index 000000000000..26057c3e5566 --- /dev/null +++ b/.snyk @@ -0,0 +1,114 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.19.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/core > lodash': + patched: '2021-03-21T20:49:04.486Z' + - eslint > lodash: + patched: '2021-03-21T20:49:04.486Z' + - karma > lodash: + patched: '2021-03-21T20:49:04.486Z' + - node-sass > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-block-scoping > lodash': + patched: '2021-03-21T20:49:04.486Z' + - babel-eslint > @babel/traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - eslint > inquirer > lodash: + patched: '2021-03-21T20:49:04.486Z' + - eslint > table > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > table > lodash: + patched: '2021-03-21T20:49:04.486Z' + - linkinator > cheerio > lodash: + patched: '2021-03-21T20:49:04.486Z' + - node-sass > sass-graph > lodash: + patched: '2021-03-21T20:49:04.486Z' + - postcss-cli > postcss-reporter > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-reporter > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint-config-twbs-bootstrap > stylelint-order > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint-config-twbs-bootstrap > stylelint-scss > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-modules-umd > @babel/helper-module-transforms > lodash': + patched: '2021-03-21T20:49:04.486Z' + - babel-eslint > @babel/traverse > @babel/generator > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-babel > @babel/helper-module-imports > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - babel-plugin-istanbul > istanbul-lib-instrument > @babel/traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-jsx > @babel/core > lodash: + patched: '2021-03-21T20:49:04.486Z' + - karma-coverage-istanbul-reporter > istanbul-api > async > lodash: + patched: '2021-03-21T20:49:04.486Z' + - karma > log4js > streamroller > lodash: + patched: '2021-03-21T20:49:04.486Z' + - node-sass > gaze > globule > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-generator > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-template > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint-config-twbs-bootstrap > stylelint-order > postcss-sorting > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-unicode-regex > @babel/helper-create-regexp-features-plugin > @babel/helper-regex > lodash': + patched: '2021-03-21T20:49:04.486Z' + - babel-eslint > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - babel-plugin-istanbul > istanbul-lib-instrument > @babel/traverse > @babel/generator > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-jsx > @babel/core > @babel/traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - karma-coverage-istanbul-reporter > istanbul-api > istanbul-lib-instrument > @babel/traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - karma > log4js > streamroller > async > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-generator > babel-types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-traverse > babel-types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-template > babel-types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-template > babel-traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > lodash': + patched: '2021-03-21T20:49:04.486Z' + - babel-plugin-istanbul > istanbul-lib-instrument > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > lodash: + patched: '2021-03-21T20:49:04.486Z' + - karma-coverage-istanbul-reporter > istanbul-api > istanbul-lib-instrument > @babel/traverse > @babel/generator > lodash: + patched: '2021-03-21T20:49:04.486Z' + - babel-eslint > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - rollup-plugin-istanbul > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash': + patched: '2021-03-21T20:49:04.486Z' + - karma-coverage-istanbul-reporter > istanbul-api > istanbul-lib-instrument > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - babel-plugin-istanbul > istanbul-lib-instrument > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash': + patched: '2021-03-21T20:49:04.486Z' + - karma-coverage-istanbul-reporter > istanbul-api > istanbul-lib-instrument > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: + patched: '2021-03-21T20:49:04.486Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash': + patched: '2021-03-21T20:49:04.486Z' diff --git a/package.json b/package.json index 1556823c00c6..d8815b0aff36 100644 --- a/package.json +++ b/package.json @@ -67,7 +67,9 @@ "watch-css-main": "nodemon --watch scss/ --ext scss --exec \"npm-run-all css-lint css-compile css-prefix\"", "watch-css-docs": "nodemon --watch site/assets/scss/ --ext scss --exec \"npm run css-lint\"", "watch-js-main": "nodemon --watch js/src/ --ext js --exec \"npm-run-all js-lint js-compile\"", - "watch-js-docs": "nodemon --watch site/assets/js/ --ext js --exec \"npm run js-lint\"" + "watch-js-docs": "nodemon --watch site/assets/js/ --ext js --exec \"npm run js-lint\"", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "style": "dist/css/bootstrap.css", "sass": "scss/bootstrap.scss", @@ -81,19 +83,21 @@ "url": "https://github.com/twbs/bootstrap/issues" }, "license": "MIT", - "dependencies": {}, + "dependencies": { + "snyk": "^1.503.0" + }, "peerDependencies": { "popper.js": "^1.16.0" }, "devDependencies": { - "@babel/cli": "^7.7.0", + "@babel/cli": "^7.12.0", "@babel/core": "^7.7.2", "@babel/plugin-proposal-object-rest-spread": "^7.6.2", "@babel/preset-env": "^7.7.1", "autoprefixer": "^9.7.1", "babel-eslint": "^10.0.3", "babel-plugin-istanbul": "^5.2.0", - "bundlesize": "^0.18.0", + "bundlesize": "^0.18.1", "clean-css-cli": "^4.3.0", "cross-env": "^6.0.3", "eslint": "^6.6.0", @@ -106,7 +110,7 @@ "hugo-bin": "^0.47.1", "ip": "^1.1.5", "jasmine-core": "^3.5.0", - "karma": "^4.4.1", + "karma": "^6.0.0", "karma-browserstack-launcher": "1.4.0", "karma-chrome-launcher": "^3.1.0", "karma-coverage-istanbul-reporter": "^2.1.0", @@ -115,12 +119,12 @@ "karma-jasmine": "^2.0.1", "karma-jasmine-html-reporter": "^1.4.2", "karma-rollup-preprocessor": "^7.0.2", - "linkinator": "^1.7.3", - "node-sass": "^4.13.0", - "nodemon": "^1.19.4", + "linkinator": "^1.8.2", + "node-sass": "^4.13.1", + "nodemon": "^2.0.0", "npm-run-all": "^4.1.5", "popper.js": "^1.16.0", - "postcss-cli": "^6.1.3", + "postcss-cli": "^7.0.0", "rollup": "^1.26.5", "rollup-plugin-babel": "^4.3.3", "rollup-plugin-commonjs": "^10.1.0", @@ -128,7 +132,7 @@ "rollup-plugin-node-resolve": "^5.2.0", "serve": "^11.2.0", "shelljs": "^0.8.3", - "stylelint": "^11.1.1", + "stylelint": "^13.0.0", "stylelint-config-twbs-bootstrap": "^0.9.0", "terser": "^4.4.0", "vnu-jar": "19.9.4" @@ -165,5 +169,6 @@ "funding": { "type": "opencollective", "url": "https://opencollective.com/bootstrap" - } + }, + "snyk": true }