From 5850c8b6e9bbfaf66073b448d2dabf78ecfbb0e2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 05:24:36 +0700 Subject: [PATCH 1/2] fix: website/package.json & website/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- website/package.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/website/package.json b/website/package.json index 876187784e..680a3ea4f9 100644 --- a/website/package.json +++ b/website/package.json @@ -41,6 +41,12 @@ "node-notifier": "^5.2.1", "postcss-inline-svg": "^3.1.1", "prismjs": "^1.15.0", - "watchify": "^3.11.0" - } + "watchify": "^3.11.0", + "snyk": "^1.316.1" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From 9c420f632cbe1bb47ae260e5c06bc2a6aedca5f8 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 05:24:37 +0700 Subject: [PATCH 2/2] fix: website/package.json & website/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- website/.snyk | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 website/.snyk diff --git a/website/.snyk b/website/.snyk new file mode 100644 index 0000000000..717eebc47f --- /dev/null +++ b/website/.snyk @@ -0,0 +1,36 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/core > lodash': + patched: '2020-04-30T22:24:19.977Z' + - hexo > lodash: + patched: '2020-04-30T22:24:19.977Z' + - hexo-filter-github-emojis > lodash: + patched: '2020-04-30T22:24:19.977Z' + - '@babel/core > @babel/helper-module-transforms > lodash': + patched: '2020-04-30T22:24:19.977Z' + - hexo > warehouse > lodash: + patched: '2020-04-30T22:24:19.977Z' + - hexo-renderer-scss > node-sass > lodash: + patched: '2020-04-30T22:24:19.977Z' + - '@babel/core > @babel/helpers > @babel/traverse > lodash': + patched: '2020-04-30T22:24:19.977Z' + - hexo-browsersync > browser-sync > easy-extender > lodash: + patched: '2020-04-30T22:24:19.977Z' + - hexo-renderer-scss > node-sass > sass-graph > lodash: + patched: '2020-04-30T22:24:19.977Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > lodash': + patched: '2020-04-30T22:24:19.977Z' + - hexo-filter-github-emojis > jsdom > request-promise-native > request-promise-core > lodash: + patched: '2020-04-30T22:24:19.977Z' + - hexo-renderer-scss > node-sass > gaze > globule > lodash: + patched: '2020-04-30T22:24:19.977Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/generator > lodash': + patched: '2020-04-30T22:24:19.977Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash': + patched: '2020-04-30T22:24:19.977Z' + - '@babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash': + patched: '2020-04-30T22:24:19.977Z'