From 73e4b8fc7fd825ba030166d24383a8af1c5bc5bc Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 18:27:57 -0400 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-567880 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 108 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 4d917e173..2d554ef1f 120000 --- a/package.json +++ b/package.json @@ -1 +1,108 @@ -regulations/static/config/package.json \ No newline at end of file +{ + "name": "regulations-site", + "version": "8.4.0", + "homepage": "https://eregs.github.io/", + "contributors": [ + { + "name": "Consumer Financial Protection Bureau", + "url": "http://cfpb.github.io/" + }, + { + "name": "18F", + "url": "https://18f.gsa.gov/" + } + ], + "repository": { + "type": "git", + "url": "http://github.com/eregs/regulations-site.git" + }, + "bugs": { + "url": "http://github.com/eregs/regulations-site/issues" + }, + "licenses": [ + { + "type": "Public Domain", + "url": "http://github.com/eregs/regulations-site/blob/master/TERMS.md" + } + ], + "engines": { + "node": "6.9.2" + }, + "devDependencies": { + "babel-cli": "^6.18.0", + "babel-preset-es2015": "^6.18.0", + "babel-preset-react": "^6.16.0", + "babelify": "^7.3.0", + "browserify": "^13.0.0", + "browserify-shim": "^3.8.12", + "chai": "^3.5.0", + "coveralls": "^2.11.2", + "deamdify": "^0.1.1", + "dom-storage": "^2.0.2", + "eslint": "^3.12.2", + "eslint-config-airbnb": "^13.0.0", + "eslint-plugin-import": "^2.2.0", + "eslint-plugin-jsx-a11y": "^2.2.3", + "eslint-plugin-react": "^6.8.0", + "expect.js": "~0.2.0", + "grunt": "^0.4.5", + "grunt-browserify": "^5.0.0", + "grunt-contrib-copy": "^1.0.0", + "grunt-contrib-cssmin": "^1.0.1", + "grunt-env": "^0.4.4", + "grunt-eslint": "^19.0.0", + "grunt-mocha-istanbul": "^5.0.2", + "grunt-sass": "^2.0.0", + "grunt-shell": "^1.2.1", + "isparta": "^4.0.0", + "istanbul": "^0.4.2", + "jsdom": "^8.1.0", + "load-grunt-tasks": "^3.4.1", + "minifyify": "^7.2.1", + "mocha": "^3.2.0", + "mocha-jsdom": "^1.1.0", + "sinon": "^1.17.3", + "sinon-chai": "^2.8.0", + "watch": "^0.17.1" + }, + "keywords": [], + "browser": { + "jquery": "./node_modules/jquery/dist/jquery.js" + }, + "browserify-shim": { + "jquery": { + "exports": "jQuery" + } + }, + "dependencies": { + "backbone": "^1.3.3", + "backbone-query-parameters": "0.4.0", + "backbone.localstorage": "^2.0.0", + "clipboard": "^1.7.1", + "datatables.net": "^1.10.15", + "filesize": "^3.5.10", + "jquery": "^3.5.0", + "jquery-lazyload": "^1.9.7", + "jquery-scrollstop": "^1.2.0", + "prosemirror": "0.4.0", + "query-command-supported": "^1.0.0", + "query-string": "^5.0.0", + "react": "^15.4.1", + "react-dom": "^15.4.1", + "redux": "^3.6.0", + "respond.js": "^1.4.2", + "underscore": "^1.8.3", + "urijs": "^1.18.10", + "snyk": "^1.316.1" + }, + "config": { + "travis-cov": { + "threshold": 70 + } + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true +} From 4fb765c2cba00a06bd6b79f28b250cf087a10405 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 18:27:58 -0400 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-JQUERY-567880 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 000000000..9903ea036 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - redux > lodash: + patched: '2020-04-30T22:27:55.540Z'