From 39757c416b87ffa44cd7fcf47d44291257e76362 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 22 Apr 2024 10:47:36 +0000 Subject: [PATCH] fix: packages/cli/package.json, packages/cli/package-lock.json & packages/cli/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/npm:lodash:20180130 --- packages/cli/.snyk | 271 +++++++++++++++++++++++++++++++++ packages/cli/package-lock.json | 50 +++--- packages/cli/package.json | 10 +- 3 files changed, 309 insertions(+), 22 deletions(-) create mode 100644 packages/cli/.snyk diff --git a/packages/cli/.snyk b/packages/cli/.snyk new file mode 100644 index 000000000..ca2e67a8f --- /dev/null +++ b/packages/cli/.snyk 
@@ -0,0 +1,271 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - web-component-tester > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > async > lodash + - polymer-build > babel-preset-minify > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-build > babel-preset-minify > lodash + - polymer-bundler > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-bundler > babel-types > lodash + - polymer-linter > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-linter > babel-types > lodash + - polymer-bundler > babel-generator > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-bundler > babel-generator > lodash + - polymer-bundler > babel-traverse > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-bundler > babel-traverse > lodash + - polymer-linter > babel-traverse > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-linter > babel-traverse > lodash + - polyserve > http-proxy-middleware > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > http-proxy-middleware > lodash + - web-component-tester > wct-sauce > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > wct-sauce > lodash + - web-component-tester > wd > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > wd > lodash + - polymer-project-config > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-project-config > winston > 
async > lodash + - web-component-tester > wd > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > wd > async > lodash + - polymer-build > babel-preset-minify > babel-plugin-minify-dead-code-elimination > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polymer-build > babel-preset-minify > + babel-plugin-minify-dead-code-elimination > lodash + - polyserve > polymer-build > babel-preset-minify > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-build > babel-preset-minify > lodash + - polymer-bundler > babel-generator > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-bundler > babel-generator > babel-types > lodash + - polymer-bundler > babel-traverse > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-bundler > babel-traverse > babel-types > lodash + - polymer-linter > babel-traverse > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-linter > babel-traverse > babel-types > lodash + - polymer-build > polymer-bundler > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-build > polymer-bundler > babel-types > lodash + - polymer-build > polymer-bundler > babel-generator > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-build > polymer-bundler > babel-generator > lodash + - polymer-build > polymer-bundler > babel-traverse > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-build > polymer-bundler > babel-traverse > lodash + - web-component-tester > polyserve > http-proxy-middleware > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > polyserve > http-proxy-middleware > 
lodash + - web-component-tester > wct-sauce > sauce-connect-launcher > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > wct-sauce > sauce-connect-launcher > lodash + - polymer-project-config > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-project-config > plylog > winston > async > lodash + - polymer-build > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-build > plylog > winston > async > lodash + - polymer-build > polymer-project-config > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polymer-build > polymer-project-config > winston > async > lodash + - polyserve > polymer-project-config > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-project-config > winston > async > lodash + - web-component-tester > wct-local > launchpad > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: web-component-tester > wct-local > launchpad > async > lodash + - web-component-tester > wct-sauce > sauce-connect-launcher > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > wct-sauce > sauce-connect-launcher > async > + lodash + - polyserve > polymer-build > babel-preset-minify > babel-plugin-minify-dead-code-elimination > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polyserve > polymer-build > babel-preset-minify > + babel-plugin-minify-dead-code-elimination > lodash + - web-component-tester > polyserve > polymer-build > babel-preset-minify > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > babel-preset-minify + > lodash + - 
polymer-build > polymer-bundler > babel-generator > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polymer-build > polymer-bundler > babel-generator > babel-types > + lodash + - polymer-build > polymer-bundler > babel-traverse > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polymer-build > polymer-bundler > babel-traverse > babel-types > + lodash + - polyserve > polymer-build > polymer-bundler > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-build > polymer-bundler > babel-types > lodash + - polyserve > polymer-build > polymer-bundler > babel-generator > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-build > polymer-bundler > babel-generator > lodash + - polyserve > polymer-build > polymer-bundler > babel-traverse > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-build > polymer-bundler > babel-traverse > lodash + - polymer-build > polymer-project-config > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polymer-build > polymer-project-config > plylog > winston > async > + lodash + - polyserve > polymer-project-config > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-project-config > plylog > winston > async > lodash + - polyserve > polymer-build > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: polyserve > polymer-build > plylog > winston > async > lodash + - polyserve > polymer-build > polymer-project-config > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polyserve > polymer-build > polymer-project-config > winston > 
async > + lodash + - web-component-tester > polyserve > polymer-project-config > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-project-config > winston > + async > lodash + - web-component-tester > polyserve > polymer-build > babel-preset-minify > babel-plugin-minify-dead-code-elimination > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > babel-preset-minify + > babel-plugin-minify-dead-code-elimination > lodash + - polyserve > polymer-build > polymer-bundler > babel-generator > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polyserve > polymer-build > polymer-bundler > babel-generator > + babel-types > lodash + - polyserve > polymer-build > polymer-bundler > babel-traverse > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polyserve > polymer-build > polymer-bundler > babel-traverse > + babel-types > lodash + - web-component-tester > polyserve > polymer-build > polymer-bundler > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > polymer-bundler > + babel-types > lodash + - web-component-tester > polyserve > polymer-build > polymer-bundler > babel-generator > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > polymer-bundler > + babel-generator > lodash + - web-component-tester > polyserve > polymer-build > polymer-bundler > babel-traverse > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > polymer-bundler > + babel-traverse > lodash + - polyserve > polymer-build > polymer-project-config > plylog > 
winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + polyserve > polymer-build > polymer-project-config > plylog > winston + > async > lodash + - web-component-tester > polyserve > polymer-project-config > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-project-config > plylog > + winston > async > lodash + - web-component-tester > polyserve > polymer-build > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > plylog > winston > + async > lodash + - web-component-tester > polyserve > polymer-build > polymer-project-config > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > + polymer-project-config > winston > async > lodash + - web-component-tester > polyserve > polymer-build > polymer-bundler > babel-generator > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > polymer-bundler > + babel-generator > babel-types > lodash + - web-component-tester > polyserve > polymer-build > polymer-bundler > babel-traverse > babel-types > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > polymer-bundler > + babel-traverse > babel-types > lodash + - web-component-tester > polyserve > polymer-build > polymer-project-config > plylog > winston > async > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: SNYK-JS-LODASH-567746 + path: >- + web-component-tester > polyserve > polymer-build > + polymer-project-config > plylog > winston > async > lodash + 'npm:lodash:20180130': + - web-component-tester > lodash: + patched: 
'2024-04-22T10:47:29.829Z' + id: 'npm:lodash:20180130' + path: web-component-tester > lodash + - web-component-tester > stacky > lodash: + patched: '2024-04-22T10:47:29.829Z' + id: 'npm:lodash:20180130' + path: web-component-tester > stacky > lodash diff --git a/packages/cli/package-lock.json b/packages/cli/package-lock.json index a67fce4f6..616e6a4c1 100644 --- a/packages/cli/package-lock.json +++ b/packages/cli/package-lock.json @@ -823,6 +823,11 @@ "integrity": "sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ==", "dev": true }, + "@snyk/protect": { + "version": "1.1289.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1289.0.tgz", + "integrity": "sha512-vVYepPMR4X8f/pCRM17VGrotsZ5Gw1ZB8uxQwu9PY7GKuo99semoH8E9iqrw2hioef/aVYl79ZNdwZHDgTfdpw==" + }, "@szmarczak/http-timer": { "version": "4.0.6", "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.6.tgz", @@ -1563,6 +1568,7 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.3.0.tgz", "integrity": "sha512-salcGninV0nPrwpGNn4VTXBb1SOuXQBiqbrNXoeizJsHrsL6ERFM2Ne3JUSBWRE6aeNJI2ROP/WEEIDUiDe3cg==", + "devOptional": true, "requires": { "es6-promisify": "^5.0.0" } @@ -3881,6 +3887,7 @@ "version": "5.0.0", "resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", "integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=", + "devOptional": true, "requires": { "es6-promise": "^4.0.3" } 
@@ -5458,22 +5465,22 @@ "bundled": true, "optional": true }, - "string-width": { - "version": "1.0.2", + "string_decoder": { + "version": "1.1.1", "bundled": true, "optional": true, "requires": { - "code-point-at": "^1.0.0", - "is-fullwidth-code-point": "^1.0.0", - "strip-ansi": "^3.0.0" + "safe-buffer": "~5.1.0" } }, - "string_decoder": { - "version": "1.1.1", + "string-width": { + "version": "1.0.2", "bundled": true, "optional": true, "requires": { - "safe-buffer": "~5.1.0" + "code-point-at": "^1.0.0", + "is-fullwidth-code-point": "^1.0.0", + "strip-ansi": "^3.0.0" } }, "strip-ansi": { @@ -6475,6 +6482,7 @@ "version": "2.2.4", "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.4.tgz", "integrity": "sha512-OmvfoQ53WLjtA9HeYP9RNrWMJzzAz1JGaSFr1nijg0PVR1JaD/xbJq1mdEIIlxGpXp9eSe/O2LgU9DJmTPd0Eg==", + "devOptional": true, "requires": { "agent-base": "^4.3.0", "debug": "^3.1.0" @@ -6484,6 +6492,7 @@ "version": "3.2.7", "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "devOptional": true, "requires": { "ms": "^2.1.1" } @@ -6491,7 +6500,8 @@ "ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "devOptional": true } } }, @@ -8681,7 +8691,8 @@ "pend": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=" + "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", + "devOptional": true }, "performance-now": { "version": "2.1.0", 
@@ -9117,7 +9128,8 @@ "progress": { "version": "2.0.3", "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", - "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==" + "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", + "devOptional": true }, "proxy-addr": { "version": "2.0.7", @@ -10972,6 +10984,14 @@ "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz", "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=" }, + "string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "requires": { + "safe-buffer": "~5.1.0" + } + }, "string-template": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/string-template/-/string-template-0.2.1.tgz", @@ -10987,14 +11007,6 @@ "strip-ansi": "^3.0.0" } }, - "string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "requires": { - "safe-buffer": "~5.1.0" - } - }, "strip-ansi": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", diff --git a/packages/cli/package.json b/packages/cli/package.json index f998d1dfd..1489d7d45 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json 
@@ -28,7 +28,9 @@
 "test:watch": "tsc-then -- mocha \"lib/test/**/*_test.js\"",
 "test:watch:unit": "tsc-then -- mocha \"lib/test/unit/**/*_test.js\"",
 "test:watch:integration": "tsc-then -- mocha \"lib/test/integration/**/*_test.js\"",
- "update-goldens": "tsc && UPDATE_POLYMER_CLI_GOLDENS=true mocha lib/test/integration/build_test.js || echo ''"
+ "update-goldens": "tsc && UPDATE_POLYMER_CLI_GOLDENS=true mocha lib/test/integration/build_test.js || echo ''",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "dependencies": {
 "@octokit/rest": "^16.2.0",
@@ -81,7 +83,8 @@
 "vinyl-fs": "^2.4.3",
 "web-component-tester": "^6.9.0",
 "yeoman-environment": "^1.5.2",
- "yeoman-generator": "^3.1.1"
+ "yeoman-generator": "^3.1.1",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@polymer/tools-common": "^2.0.0",
@@ -103,5 +106,6 @@
 "vinyl-fs-fake": "^1.1.0",
 "yeoman-assert": "^2.2.1",
 "yeoman-test": "^1.1.0"
- }
+ },
+ "snyk": true
 }
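Review bot: The `prepare` script added in the first package.json hunk makes `snyk-protect` run as a side effect of every local `npm install` and before pack/publish, rewriting files under node_modules according to `.snyk`. npm does not run `prepare` when a package is installed from the registry, so the lodash patches listed in `.snyk` appear to reach only this checkout and not users who install the released CLI. The durable fix is still to upgrade the direct dependencies that pull in the old lodash (web-component-tester, polymer-build, polymer-bundler, polymer-linter, polyserve and polymer-project-config, per the `.snyk` paths). Since package.json cannot carry comments, I would state this limit in the package README so the patch is not read as closing SNYK-JS-LODASH-567746 and npm:lodash:20180130 for consumers.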
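Review bot: `"@snyk/protect": "latest"` in the second hunk puts a floating dist-tag on a runtime dependency whose binary the new `prepare` script executes, so an install takes whatever is published under that tag at that moment. The package-lock.json hunk in this commit resolves it to 1.1289.0, but a package's package-lock.json is not published with it, so consumer installs would resolve the tag fresh. I would pin the reviewed release, `"@snyk/protect": "1.1289.0"`, and let dependency-update PRs move it. If the tool is only needed for the `prepare` step, it also looks like a candidate for `devDependencies` rather than `dependencies`, which would keep it out of consumer installs entirely.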