fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
This commit is contained in:
snyk-bot 2024-01-01 14:58:34 +00:00
parent 6947b6715e
commit 380b183ec3
No known key found for this signature in database
GPG Key ID: 5009E0832F4D3DD3
3 changed files with 12782 additions and 11587 deletions

10
.snyk Normal file
View File

@ -0,0 +1,10 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.1
ignore: {}
# patches apply the minimum changes required to fix a vulnerability
patch:
SNYK-JS-LODASH-567746:
- murmur-client > libp2p-websocket-star > async > lodash:
patched: '2024-01-01T14:57:36.636Z'
id: SNYK-JS-LODASH-567746
path: murmur-client > libp2p-websocket-star > async > lodash

24347
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -26,21 +26,24 @@
"react-hot-loader": "^4.3.4",
"react-jazzicon": "^0.1.3",
"react-linkify": "^0.2.2",
"react-scripts": "2.1.3",
"react-scripts": "4.0.0",
"react-spinners": "^0.4.7",
"react-spotify-player": "^1.0.4",
"react-syntax-highlighter": "^10.0.1",
"react-youtube": "^7.8.0",
"status-js-api": "^1.2.6",
"typescript": "^3.2.4",
"uuid": "^3.3.2"
"uuid": "^3.3.2",
"@snyk/protect": "latest"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"build-opt": "react-scripts --max_old_space_size=4096 build",
"test": "react-scripts test",
"eject": "react-scripts eject"
"eject": "react-scripts eject",
"prepare": "npm run snyk-protect",
"snyk-protect": "snyk-protect"
},
"eslintConfig": {
"extends": "react-app"
@ -50,5 +53,6 @@
"not dead",
"not ie <= 11",
"not op_mini all"
]
],
"snyk": true
}