From cd9332e4a56f2959fb294563bd5fb6137bb78349 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 5 Oct 2022 21:33:20 +0000 Subject: [PATCH] fix: packages/benchpress/package.json & packages/benchpress/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796 - https://snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902 - https://snyk.io/vuln/SNYK-JS-BL-608877 - https://snyk.io/vuln/SNYK-JS-HAWK-2808852 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173732 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173733 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/npm:adm-zip:20180415 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:semver:20150403 - https://snyk.io/vuln/npm:tough-cookie:20160722 - https://snyk.io/vuln/npm:tough-cookie:20170905 - https://snyk.io/vuln/npm:tunnel-agent:20170305 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:tunnel-agent:20170305 --- packages/benchpress/.snyk | 27 +++++++++++++++++++++++++++ packages/benchpress/package.json | 16 +++++++++++----- 2 files changed, 38 insertions(+), 5 deletions(-) create mode 100644 packages/benchpress/.snyk diff --git a/packages/benchpress/.snyk b/packages/benchpress/.snyk new file mode 100644 index 000000000000..57ab389e3ee5 --- /dev/null +++ b/packages/benchpress/.snyk @@ -0,0 +1,27 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hoek:20180212': + - jpm > sign-addon > request > hawk > hoek: + patched: '2022-10-05T21:33:17.576Z' + - jpm > sign-addon > jsonwebtoken > joi > hoek: + patched: '2022-10-05T21:33:17.576Z' + - jpm > sign-addon > request > hawk > boom > hoek: + patched: '2022-10-05T21:33:17.576Z' + - jpm > sign-addon > request > hawk > sntp > hoek: + patched: '2022-10-05T21:33:17.576Z' + - jpm > sign-addon > jsonwebtoken > joi > topo > hoek: + patched: '2022-10-05T21:33:17.576Z' + - jpm > sign-addon > request > hawk > cryptiles > boom > hoek: + patched: '2022-10-05T21:33:17.576Z' + 'npm:lodash:20180130': + - jpm > fx-runner > lodash: + patched: '2022-10-05T21:33:17.576Z' + 'npm:ms:20170412': + - jpm > sign-addon > jsonwebtoken > ms: + patched: '2022-10-05T21:33:17.576Z' + 'npm:tunnel-agent:20170305': + - jpm > sign-addon > request > tunnel-agent: + patched: '2022-10-05T21:33:17.576Z' diff --git a/packages/benchpress/package.json b/packages/benchpress/package.json index a7d77cd65907..bb8df786b4e3 100644 --- a/packages/benchpress/package.json +++ b/packages/benchpress/package.json @@ -6,12 +6,13 @@ "typings": "./index.d.ts", "strictNullChecks": true, "dependencies": { - "@angular/core": "^2.0.0-rc.7", + "@angular/core": "^11.0.5", "reflect-metadata": "^0.1.2", "rxjs": "^6.0.0", - "jpm": "1.1.4", - "firefox-profile": "0.4.0", - "selenium-webdriver": "^2.53.3" + "jpm": "1.2.0", + "firefox-profile": "4.1.0", + "selenium-webdriver": "^3.5.0", + "@snyk/protect": "latest" }, "repository": { "type": "git", @@ -25,5 +26,10 @@ "bugs": { "url": "https://github.com/angular/angular/issues" }, - "homepage": "https://github.com/angular/angular/tree/master/packages/compiler-cli" + "homepage": "https://github.com/angular/angular/tree/master/packages/compiler-cli", + "scripts": { + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true } \ No newline at end of file