From 366e3fc9aa57b5a81b4c2d515de76ccdd1195d5a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 9 Oct 2022 22:50:29 +0000 Subject: [PATCH] fix: cyclic-dep-simple/package.json, cyclic-dep-simple/package-lock.json & cyclic-dep-simple/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 --- cyclic-dep-simple/.snyk | 8 ++++++++ cyclic-dep-simple/package-lock.json | 22 ++++++++++++---------- cyclic-dep-simple/package.json | 10 ++++++++-- 3 files changed, 28 insertions(+), 12 deletions(-) create mode 100644 cyclic-dep-simple/.snyk diff --git a/cyclic-dep-simple/.snyk b/cyclic-dep-simple/.snyk new file mode 100644 index 000000000..7c616dd0f --- /dev/null +++ b/cyclic-dep-simple/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - debug > ms > debug: + patched: '2022-10-09T22:50:25.887Z' diff --git a/cyclic-dep-simple/package-lock.json b/cyclic-dep-simple/package-lock.json index 58dfd250b..45b39ebf5 100644 --- a/cyclic-dep-simple/package-lock.json +++ b/cyclic-dep-simple/package-lock.json @@ -4,21 +4,23 @@ "lockfileVersion": 1, "requires": true, "dependencies": { + "@snyk/protect": { + "version": "1.1025.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1025.0.tgz", + "integrity": "sha512-RK9tY2Aqujv5l9e/5nE4yiTilk8vxyB99VtJJ/6p9TZYhddCVQUUv+PNenhVVO3jkSD8/3gLWbPakIvQsFKynA==" + }, "debug": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.0.0.tgz", - "integrity": "sha1-ib2d9nMrUSVrxnBTQrugLtEhMe8=", + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "requires": { - "ms": "0.6.2" + "ms": "2.0.0" } }, "ms": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-0.6.2.tgz", - "integrity": "sha1-2JwhJMb9wTU9Zai3e/GqxLGTcIw=", - "requires": { - "debug": "2.0.0" - } + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" } } } diff --git a/cyclic-dep-simple/package.json b/cyclic-dep-simple/package.json index b9e2f140d..5b77cd752 100644 --- a/cyclic-dep-simple/package.json +++ b/cyclic-dep-simple/package.json @@ -6,11 +6,17 @@ "main": "index.js", "module": "index.mjs", "dependencies": { - "debug": "2.0.x" + "debug": "2.6.9", + "@snyk/protect": "latest" }, "engines": { "node": ">=8.0" }, "homepage": "https://github.com/MarkGriffiths/trucolor", - "license": "MIT" + "license": "MIT", + "scripts": { + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true }