fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
This commit is contained in:
snyk-bot 2024-06-05 22:36:26 +00:00
parent 6947b6715e
commit 4b73a17c32
No known key found for this signature in database
GPG Key ID: 78AC5AE55A47A65B
3 changed files with 992 additions and 812 deletions

18
.snyk Normal file
View File

@ -0,0 +1,18 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.1
ignore: {}
# patches apply the minimum changes required to fix a vulnerability
patch:
SNYK-JS-LODASH-567746:
- murmur-client > libp2p-websocket-star > async > lodash:
patched: '2024-06-05T22:35:46.816Z'
id: SNYK-JS-LODASH-567746
path: murmur-client > libp2p-websocket-star > async > lodash
- status-js-api > web3 > web3-shh > web3-utils > lodash:
patched: '2024-06-05T22:35:46.816Z'
id: SNYK-JS-LODASH-567746
path: status-js-api > web3 > web3-shh > web3-utils > lodash
- status-js-api > web3 > web3-eth-personal > web3-core-helpers > lodash:
patched: '2024-06-05T22:35:46.816Z'
id: SNYK-JS-LODASH-567746
path: status-js-api > web3 > web3-eth-personal > web3-core-helpers > lodash

1776
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -33,14 +33,17 @@
"react-youtube": "^7.8.0",
"status-js-api": "^1.2.6",
"typescript": "^3.2.4",
"uuid": "^3.3.2"
"uuid": "^3.3.2",
"@snyk/protect": "latest"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"build-opt": "react-scripts --max_old_space_size=4096 build",
"test": "react-scripts test",
"eject": "react-scripts eject"
"eject": "react-scripts eject",
"prepare": "npm run snyk-protect",
"snyk-protect": "snyk-protect"
},
"eslintConfig": {
"extends": "react-app"
@ -50,5 +53,6 @@
"not dead",
"not ie <= 11",
"not op_mini all"
]
],
"snyk": true
}