diff --git a/packages/api/package.json b/packages/api/package.json index 844c1bfa8..91f66b851 100644 --- a/packages/api/package.json +++ b/packages/api/package.json @@ -34,7 +34,7 @@ "jsonwebtoken": "^8.5.1", "node-fetch": "^2.6.0", "normalize-url": "^4.5.0", - "snyk": "1.586.0", + "snyk": "1.605.0", "ts-node": "8.10.2", "typescript": "3.9.9", "uuid": "^3.3.3" diff --git a/yarn.lock b/yarn.lock index e655a41b6..80b011d60 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5664,15 +5664,31 @@ micromatch "^4.0.2" picomatch "^2.2.1" -"@snyk/fix@1.554.0": - version "1.554.0" - resolved "https://registry.yarnpkg.com/@snyk/fix/-/fix-1.554.0.tgz#7ae786882e0ffea5e7f10d0b41e3d593b65555c4" - integrity sha512-q2eRVStgspPeI2wZ2EQGLpiWZMRg7o+4tsCk6m/kHZgQGDN4Bb7L3xslFW3OgF0+ZksYSaHl2cW2HmGiLRaYcA== +"@snyk/fix-pipenv-pipfile@0.3.5": + version "0.3.5" + resolved "https://registry.yarnpkg.com/@snyk/fix-pipenv-pipfile/-/fix-pipenv-pipfile-0.3.5.tgz#762d1d01f5dac95cad0ff39e7205aa09e3d19483" + integrity sha512-Kqe9wqUrSSGB0+QFrJjCy5ub7bNg10F5I/avJK95RY/2g9cXpQnkdkTexRmVdOl+IF5z3JBXRjBnIQb6buvp6w== + dependencies: + bottleneck "2.19.5" + debug "4.3.1" + source-map-support "^0.5.16" + tslib "^1.10.0" + +"@snyk/fix@1.601.0": + version "1.601.0" + resolved "https://registry.yarnpkg.com/@snyk/fix/-/fix-1.601.0.tgz#ff16c67e7e5643be16c6ac092d9de1ba162ce7f3" + integrity sha512-0Fz0nC547Qkg0FGpmvzDIPrrXvisQN6c07JM0RReM8Xb47p1o51O/MPsWdHIFJasIT5HkshyOaV5rjGQmfwHtQ== dependencies: "@snyk/dep-graph" "^1.21.0" + "@snyk/fix-pipenv-pipfile" "0.3.5" + bottleneck "2.19.5" chalk "4.1.0" + child_process "1.0.2" debug "^4.3.1" - ora "5.3.0" + lodash.groupby "4.6.0" + lodash.orderby "^4.6.0" + lodash.sortby "^4.7.0" + ora "5.4.0" p-map "^4.0.0" strip-ansi "6.0.0" @@ -5746,10 +5762,10 @@ strip-ansi "^6.0.0" through "^2.3.6" -"@snyk/java-call-graph-builder@1.19.1": - version "1.19.1" - resolved "https://registry.yarnpkg.com/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.19.1.tgz#1d579d782df3bb5f9d5171cc35180596cd90aa8b" - integrity sha512-bxjHef5Qm3pNc+BrFlxMudmSSbOjA395ZqBddc+dvsFHoHeyNbiY56Y1JSGUlTgjRM+PKNPBiCuELTSMaROeZg== +"@snyk/java-call-graph-builder@1.20.0": + version "1.20.0" + resolved "https://registry.yarnpkg.com/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.20.0.tgz#ffca734cf7ce276a69277963149358190eaac3e5" + integrity sha512-NX8bpIu7oG5cuSSm6WvtxqcCuJs2gRjtKhtuSeF1p5TYXyESs3FXQ0nHjfY90LiyTTc+PW/UBq6SKbBA6bCBww== dependencies: "@snyk/graphlib" "2.1.9-patch.3" ci-info "^2.0.0" @@ -5765,10 +5781,10 @@ tslib "^1.9.3" xml-js "^1.6.11" -"@snyk/java-call-graph-builder@1.20.0": - version "1.20.0" - resolved "https://registry.yarnpkg.com/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.20.0.tgz#ffca734cf7ce276a69277963149358190eaac3e5" - integrity sha512-NX8bpIu7oG5cuSSm6WvtxqcCuJs2gRjtKhtuSeF1p5TYXyESs3FXQ0nHjfY90LiyTTc+PW/UBq6SKbBA6bCBww== +"@snyk/java-call-graph-builder@1.21.0": + version "1.21.0" + resolved "https://registry.yarnpkg.com/@snyk/java-call-graph-builder/-/java-call-graph-builder-1.21.0.tgz#0b0b129c2547d54a3d8ab4d4b897e008033179b0" + integrity sha512-i0c4N0+pYjpXEgqAkFniM3Q9YANvy+RtbbkQMPIvdEw41+XJISfEHzZ968ZmGWcoi480cgo5t9oxZEadFuHzyg== dependencies: "@snyk/graphlib" "2.1.9-patch.3" ci-info "^2.0.0" @@ -9303,7 +9319,7 @@ bl@^4.0.1: inherits "^2.0.4" readable-stream "^3.4.0" -bl@^4.0.3: +bl@^4.0.3, bl@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/bl/-/bl-4.1.0.tgz#451535264182bec2fbbc83a62ab98cf11d9f7b3a" integrity sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w== @@ -9365,6 +9381,11 @@ boolean@^3.0.1: resolved "https://registry.yarnpkg.com/boolean/-/boolean-3.0.2.tgz#df1baa18b6a2b0e70840475e1d93ec8fe75b2570" integrity sha512-RwywHlpCRc3/Wh81MiCKun4ydaIFyW5Ea6JbL6sRCVx5q5irDw7pMXBUFYF/jArQ6YrG36q0kpovc9P/Kd3I4g== +bottleneck@2.19.5: + version "2.19.5" + resolved "https://registry.yarnpkg.com/bottleneck/-/bottleneck-2.19.5.tgz#5df0b90f59fd47656ebe63c78a98419205cadd91" + integrity sha512-VHiNCbI1lKdl44tGrhNfU3lup0Tj/ZBMJB5/2ZbNXRCPuRCO7ed2mgcK4r17y+KB2EfuYuRaVlwNbAeaWGSpbw== + boxen@^1.2.1: version "1.3.0" resolved "https://registry.yarnpkg.com/boxen/-/boxen-1.3.0.tgz#55c6c39a8ba58d9c61ad22cd877532deb665a20b" @@ -10419,6 +10440,11 @@ child-process@^1.0.2: resolved "https://registry.yarnpkg.com/child-process/-/child-process-1.0.2.tgz#98974dc7ed1ee4c6229f8e305fa7313a6885a7f2" integrity sha1-mJdNx+0e5MYin44wX6cxOmiFp/I= +child_process@1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/child_process/-/child_process-1.0.2.tgz#b1f7e7fc73d25e7fd1d455adc94e143830182b5a" + integrity sha1-sffn/HPSXn/R1FWtyU4UODAYK1o= + chokidar@^2.1.8: version "2.1.8" resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-2.1.8.tgz#804b3a7b6a99358c3c5c61e71d8728f041cff917" @@ -12139,6 +12165,13 @@ debug@4, debug@^4.0.0, debug@^4.0.1, debug@^4.1.0, debug@^4.1.1: dependencies: ms "^2.1.1" +debug@4.3.1, debug@^4.3.1, debug@~4.3.1: + version "4.3.1" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee" + integrity sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ== + dependencies: + ms "2.1.2" + debug@^3.0.0, debug@^3.1.0, debug@^3.1.1, debug@^3.2.5, debug@^3.2.6: version "3.2.6" resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.6.tgz#e83d17de16d8a7efb7717edbe5fb10135eee629b" @@ -12160,13 +12193,6 @@ debug@^4.2.0: dependencies: ms "2.1.2" -debug@^4.3.1, debug@~4.3.1: - version "4.3.1" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee" - integrity sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ== - dependencies: - ms "2.1.2" - debuglog@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/debuglog/-/debuglog-1.0.1.tgz#aa24ffb9ac3df9a2351837cfb2d279360cd78492" @@ -18529,6 +18555,11 @@ is-unc-path@^1.0.0: dependencies: unc-path-regex "^0.1.2" +is-unicode-supported@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz#3f26c76a809593b52bfa2ecb5710ed2779b522a7" + integrity sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw== + is-upper-case@^1.1.0: version "1.1.2" resolved "https://registry.yarnpkg.com/is-upper-case/-/is-upper-case-1.1.2.tgz#8d0b1fa7e7933a1e58483600ec7d9661cbaf756f" @@ -20090,7 +20121,7 @@ lodash.get@^4, lodash.get@^4.0.0, lodash.get@^4.4.2: resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99" integrity sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk= -lodash.groupby@^4.6.0: +lodash.groupby@4.6.0, lodash.groupby@^4.6.0: version "4.6.0" resolved "https://registry.yarnpkg.com/lodash.groupby/-/lodash.groupby-4.6.0.tgz#0b08a1dcf68397c397855c3239783832df7403d1" integrity sha1-Cwih3PaDl8OXhVwyOXg4Mt90A9E= @@ -20393,6 +20424,14 @@ log-symbols@^4.0.0: dependencies: chalk "^4.0.0" +log-symbols@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" + integrity sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg== + dependencies: + chalk "^4.1.0" + is-unicode-supported "^0.1.0" + log-update@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/log-update/-/log-update-2.3.0.tgz#88328fd7d1ce7938b29283746f0b1bc126b24708" @@ -22639,17 +22678,18 @@ optionator@^0.8.1, optionator@^0.8.3: type-check "~0.3.2" word-wrap "~1.2.3" -ora@5.3.0: - version "5.3.0" - resolved "https://registry.yarnpkg.com/ora/-/ora-5.3.0.tgz#fb832899d3a1372fe71c8b2c534bbfe74961bb6f" - integrity sha512-zAKMgGXUim0Jyd6CXK9lraBnD3H5yPGBPPOkC23a2BG6hsm4Zu6OQSjQuEtV0BHDf4aKHcUFvJiGRrFuW3MG8g== +ora@5.4.0: + version "5.4.0" + resolved "https://registry.yarnpkg.com/ora/-/ora-5.4.0.tgz#42eda4855835b9cd14d33864c97a3c95a3f56bf4" + integrity sha512-1StwyXQGoU6gdjYkyVcqOLnVlbKj+6yPNNOxJVgpt9t4eksKjiriiHuxktLYkgllwk+D6MbC4ihH84L1udRXPg== dependencies: - bl "^4.0.3" + bl "^4.1.0" chalk "^4.1.0" cli-cursor "^3.1.0" cli-spinners "^2.5.0" is-interactive "^1.0.0" - log-symbols "^4.0.0" + is-unicode-supported "^0.1.0" + log-symbols "^4.1.0" strip-ansi "^6.0.0" wcwidth "^1.0.1" @@ -27095,10 +27135,10 @@ snyk-go-plugin@1.17.0: tmp "0.2.1" tslib "^1.10.0" -snyk-gradle-plugin@3.14.4: - version "3.14.4" - resolved "https://registry.yarnpkg.com/snyk-gradle-plugin/-/snyk-gradle-plugin-3.14.4.tgz#daaff12ab017014e685520703abd432600e98b56" - integrity sha512-EwosGFPizeg03wFl2z0X8qw5+zpTZLGwgtLyFcFTBCUxfuLjEOy71XYkgpHOOsV9PPKzOIAKjOhKof4K1nyinw== +snyk-gradle-plugin@3.14.5: + version "3.14.5" + resolved "https://registry.yarnpkg.com/snyk-gradle-plugin/-/snyk-gradle-plugin-3.14.5.tgz#f2c1c370c811515a0c2c9b75f9bb97a2c55cbdb2" + integrity sha512-dOT4KZUC7AIR08xMUOAMNC5um5nlqjwLJCNz7AAgZHzJfNe93nbMcTN8Y5TiItCkAqNlJ/V4eI3uzVZJvOQoLw== dependencies: "@snyk/cli-interface" "2.11.0" "@snyk/dep-graph" "^1.28.0" @@ -27138,14 +27178,14 @@ snyk-module@3.1.0, snyk-module@^3.0.0, snyk-module@^3.1.0: debug "^4.1.1" hosted-git-info "^3.0.4" -snyk-mvn-plugin@2.25.3: - version "2.25.3" - resolved "https://registry.yarnpkg.com/snyk-mvn-plugin/-/snyk-mvn-plugin-2.25.3.tgz#fb7f6fa1d565b9f07c032e8b34e6308c310b2a27" - integrity sha512-JAxOThX51JDbgMMjp3gQDVi07G9VgTYSF06QC7f5LNA0zoXNr743e2rm78RGw5bqE3JRjZxEghiLHPPuvS5DDg== +snyk-mvn-plugin@2.26.0: + version "2.26.0" + resolved "https://registry.yarnpkg.com/snyk-mvn-plugin/-/snyk-mvn-plugin-2.26.0.tgz#a4ce4aecf6b6f20f0b9797f2a7680982fa1fe5b5" + integrity sha512-LxYNWXPJxcwbkCK+vE7t437RttEDcbsS2KJJYzFtrr6u7g26c51u9aMHYPCDAEmwjI1A28zSrh7Wp45JW4YOqg== dependencies: "@snyk/cli-interface" "2.11.0" "@snyk/dep-graph" "^1.23.1" - "@snyk/java-call-graph-builder" "1.19.1" + "@snyk/java-call-graph-builder" "1.21.0" debug "^4.1.1" glob "^7.1.6" needle "^2.5.0" @@ -27197,10 +27237,10 @@ snyk-nodejs-lockfile-parser@1.33.0: uuid "^8.3.0" yaml "^1.9.2" -snyk-nodejs-lockfile-parser@1.34.1: - version "1.34.1" - resolved "https://registry.yarnpkg.com/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.34.1.tgz#8aaf37d50525988b45fe330a019a194893345c70" - integrity sha512-vu9ANnTin2T8FzacaTcErl4QQxpUpHCZQf4wQuFLknD9cSs0qc88nUhKev4eLA6Qs4amO0adPFfinn04tUvQ4A== +snyk-nodejs-lockfile-parser@1.34.2: + version "1.34.2" + resolved "https://registry.yarnpkg.com/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.34.2.tgz#31328b10c028c57caf538d860175b106c47e5f68" + integrity sha512-evLJmX+ZOs5fw0LTVXFkzxfUnI1GcFSBYEXgbD3AbWBpo5Qqsxr33rKlPvbpJ98sOXHfv1vPkY1WloGVTNF84w== dependencies: "@snyk/graphlib" "2.1.9-patch.3" "@yarnpkg/core" "^2.4.0" @@ -27440,17 +27480,17 @@ snyk-try-require@^2.0.0: lodash.clonedeep "^4.3.0" lru-cache "^5.1.1" -snyk@1.586.0: - version "1.586.0" - resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.586.0.tgz#8e9cc462bcbe970da38f23102ac50c4dc2b93009" - integrity sha512-SZwsUxps/P+ZOdWDdaSap6rcuqZaycywPyLmHJfNov4LrMJhdifNqLPGN9Miktmuw7ePMf0WhTkjcHTt1HSazQ== +snyk@1.605.0: + version "1.605.0" + resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.605.0.tgz#1aff8975214e2a2f8b5f5d1cb62f948e97d00f35" + integrity sha512-Z7WXI/U4oa/vWzHcuNYXOwJgRyJ0Xzn2c4fZsbb64dYmmcaROBVPCO99XpyKixcnfqlodNw90CjvTTo4grYtXw== dependencies: "@open-policy-agent/opa-wasm" "^1.2.0" "@snyk/cli-interface" "2.11.0" "@snyk/cloud-config-parser" "^1.9.2" "@snyk/code-client" "3.5.1" "@snyk/dep-graph" "^1.27.1" - "@snyk/fix" "1.554.0" + "@snyk/fix" "1.601.0" "@snyk/gemfile" "1.2.0" "@snyk/graphlib" "^2.1.9-patch.3" "@snyk/inquirer" "^7.3.3-patch" @@ -27483,7 +27523,7 @@ snyk@1.586.0: micromatch "4.0.2" needle "2.6.0" open "^7.0.3" - ora "5.3.0" + ora "5.4.0" os-name "^3.0.0" promise-queue "^2.2.5" proxy-from-env "^1.0.0" @@ -27493,10 +27533,10 @@ snyk@1.586.0: snyk-cpp-plugin "2.2.1" snyk-docker-plugin "4.20.2" snyk-go-plugin "1.17.0" - snyk-gradle-plugin "3.14.4" + snyk-gradle-plugin "3.14.5" snyk-module "3.1.0" - snyk-mvn-plugin "2.25.3" - snyk-nodejs-lockfile-parser "1.34.1" + snyk-mvn-plugin "2.26.0" + snyk-nodejs-lockfile-parser "1.34.2" snyk-nuget-plugin "1.21.1" snyk-php-plugin "1.9.2" snyk-policy "1.19.0" @@ -27714,18 +27754,18 @@ source-map-support@^0.5.0, source-map-support@^0.5.11, source-map-support@^0.5.1 buffer-from "^1.0.0" source-map "^0.6.0" -source-map-support@^0.5.17: - version "0.5.17" - resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.17.tgz#29fe1b3c98b9dbd5064ada89052ee8ff070cb46c" - integrity sha512-bwdKOBZ5L0gFRh4KOxNap/J/MpvX9Yxsq9lFDx65s3o7F/NiHy7JRaGIS8MwW6tZPAq9UXE207Il0cfcb5yu/Q== +source-map-support@^0.5.16, source-map-support@^0.5.19: + version "0.5.19" + resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.19.tgz#a98b62f86dcaf4f67399648c085291ab9e8fed61" + integrity sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw== dependencies: buffer-from "^1.0.0" source-map "^0.6.0" -source-map-support@^0.5.19: - version "0.5.19" - resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.19.tgz#a98b62f86dcaf4f67399648c085291ab9e8fed61" - integrity sha512-Wonm7zOCIJzBGQdB+thsPar0kYuCIzYvxZwlBa87yi/Mdjv7Tip2cyVbLj5o0cFPN4EVkuTwb3GDDyUx2DGnGw== +source-map-support@^0.5.17: + version "0.5.17" + resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.17.tgz#29fe1b3c98b9dbd5064ada89052ee8ff070cb46c" + integrity sha512-bwdKOBZ5L0gFRh4KOxNap/J/MpvX9Yxsq9lFDx65s3o7F/NiHy7JRaGIS8MwW6tZPAq9UXE207Il0cfcb5yu/Q== dependencies: buffer-from "^1.0.0" source-map "^0.6.0"