From 186c799b9fc900c418280296973ce162f7b73cf0 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 06:48:15 +0600 Subject: [PATCH 1/2] fix: packages/babel-preset-react-app/package.json & packages/babel-preset-react-app/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/babel-preset-react-app/package.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/packages/babel-preset-react-app/package.json b/packages/babel-preset-react-app/package.json index 71a1bf7f760..4ce96f11733 100644 --- a/packages/babel-preset-react-app/package.json +++ b/packages/babel-preset-react-app/package.json @@ -33,6 +33,12 @@ "babel-loader": "8.0.4", "babel-plugin-macros": "2.4.2", "babel-plugin-transform-dynamic-import": "2.1.0", - "babel-plugin-transform-react-remove-prop-types": "0.4.18" - } + "babel-plugin-transform-react-remove-prop-types": "0.4.18", + "snyk": "^1.316.1" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From 8858a439ea25f1c196ae056996656cac39e0b539 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 06:48:16 +0600 Subject: [PATCH 2/2] fix: packages/babel-preset-react-app/package.json & packages/babel-preset-react-app/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- packages/babel-preset-react-app/.snyk | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 packages/babel-preset-react-app/.snyk diff --git a/packages/babel-preset-react-app/.snyk b/packages/babel-preset-react-app/.snyk new file mode 100644 index 00000000000..3e7c24a19d9 --- /dev/null +++ b/packages/babel-preset-react-app/.snyk @@ -0,0 +1,22 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/core > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-block-scoping > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-modules-umd > @babel/helper-module-transforms > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-unicode-regex > @babel/helper-create-regexp-features-plugin > @babel/helper-regex > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash': + patched: '2020-05-01T00:48:13.702Z' + - '@babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash': + patched: '2020-05-01T00:48:13.702Z'