From 196726497cc3662b3527c3bf9b03619af7f45a56 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 16 Oct 2019 06:05:03 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 11 ++++++++++- package-lock.json | 1 + package.json | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.snyk b/.snyk index 5eb776c5f..74d6ddf0a 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.13.3 +version: v1.13.5 ignore: {} # patches apply the minimum changes required to fix a vulnerability patch: @@ -9,3 +9,12 @@ patch: 'npm:ms:20170412': - proxy > debug > ms: patched: '2019-03-01T05:56:52.269Z' + SNYK-JS-LODASH-450202: + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/dep-graph > lodash: + patched: '2019-10-16T06:04:41.383Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/cocoapods-lockfile-parser > @snyk/dep-graph > lodash: + patched: '2019-10-16T06:04:41.383Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/dep-graph > graphlib > lodash: + patched: '2019-10-16T06:04:41.383Z' + - snyk > @snyk/snyk-cocoapods-plugin > @snyk/cocoapods-lockfile-parser > @snyk/dep-graph > graphlib > lodash: + patched: '2019-10-16T06:04:41.383Z' diff --git a/package-lock.json b/package-lock.json index fdd358558..53cb97e1f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16159,6 +16159,7 @@ }, "https-proxy-agent-snyk-fork": { "version": "2.2.2-fixed-mitm-vuln", + "from": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln", "bundled": true, "requires": { "agent-base": "^4.3.0", diff --git a/package.json b/package.json index d546b07a6..38aa229c9 100644 --- a/package.json +++ b/package.json @@ -113,7 +113,7 @@ "rxjs-compat": "6.4.0", "session-file-store": "1.2.0", "shortid": "^2.2.14", - "snyk": "^1.136.0", + "snyk": "^1.235.0", "stable": "0.1.8", "ts-loader": "5.3.2", "udk": "0.3.12",