fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
2024-06-12 22:08:51 +00:00 · 2024-06-12 22:08:51 +00:00 · 6febccb713
parent 6947b6715e
commit 6febccb713
3 changed files with 992 additions and 812 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,18 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - murmur-client > libp2p-websocket-star > async > lodash:
+        patched: '2024-06-12T22:08:12.177Z'
+        id: SNYK-JS-LODASH-567746
+        path: murmur-client > libp2p-websocket-star > async > lodash
+    - status-js-api > web3 > web3-shh > web3-utils > lodash:
+        patched: '2024-06-12T22:08:12.177Z'
+        id: SNYK-JS-LODASH-567746
+        path: status-js-api > web3 > web3-shh > web3-utils > lodash
+    - status-js-api > web3 > web3-eth-personal > web3-core-helpers > lodash:
+        patched: '2024-06-12T22:08:12.177Z'
+        id: SNYK-JS-LODASH-567746
+        path: status-js-api > web3 > web3-eth-personal > web3-core-helpers > lodash
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -33,14 +33,17 @@
    "react-youtube": "^7.8.0",
    "status-js-api": "^1.2.6",
    "typescript": "^3.2.4",
-    "uuid": "^3.3.2"
+    "uuid": "^3.3.2",
+    "@snyk/protect": "latest"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "build-opt": "react-scripts --max_old_space_size=4096 build",
    "test": "react-scripts test",
-    "eject": "react-scripts eject"
+    "eject": "react-scripts eject",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
  },
  "eslintConfig": {
    "extends": "react-app"
@ -50,5 +53,6 @@
    "not dead",
    "not ie <= 11",
    "not op_mini all"
-  ]
+  ],
+  "snyk": true
 }