fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AWSSDK-1059424 - https://snyk.io/vuln/SNYK-JS-CONVICT-1062508 - https://snyk.io/vuln/SNYK-JS-DATEANDTIME-1054430 - https://snyk.io/vuln/SNYK-JS-JSONBIGINT-608659 - https://snyk.io/vuln/SNYK-JS-MERGE-1040469 - https://snyk.io/vuln/SNYK-JS-MERGE-1042987 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311 - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 - https://snyk.io/vuln/SNYK-JS-REDIS-1255645 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
datagovsg · Jul 26, 2021 · c204765 · c204765
1 parent 164e64b
commit c204765
Show file tree

Hide file tree

Showing 3 changed files with 514 additions and 256 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - selenium-standalone > lodash:
+        patched: '2021-07-26T08:52:42.686Z'
+    - selenium-standalone > async > lodash:
+        patched: '2021-07-26T08:52:42.686Z'