From 757611da23a9b10e674e5f5da85870a38ba51e18 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 May 2020 03:39:48 +0100
Subject: [PATCH 1/2] fix: docusaurus/website/.snyk & docusaurus/website/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-567746
---
 docusaurus/website/.snyk | 70 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 docusaurus/website/.snyk
diff --git a/docusaurus/website/.snyk b/docusaurus/website/.snyk
new file mode 100644
index 00000000000..5121f45f8d8
--- /dev/null
+++ b/docusaurus/website/.snyk
@@ -0,0 +1,70 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - '@docusaurus/core > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-blog > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > html-webpack-plugin > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-bundle-analyzer > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-merge > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-pages > @docusaurus/utils > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > react-dev-utils > inquirer > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-dev-server > http-proxy-middleware > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-nicelog > webpackbar > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > @babel/core > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-nicelog > react-dev-utils > inquirer > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-nicelog > webpackbar > consola > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/core > webpack-nicelog > webpackbar > table > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > @babel/core > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > remark-mdx > @babel/core > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > @babel/core > @babel/traverse > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > remark-mdx > @babel/core > @babel/traverse > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx > @babel/core > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > @babel/core > @babel/helpers > @babel/traverse > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx > @babel/core > @babel/traverse > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/generator > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/theme-classic > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
+ - '@docusaurus/preset-classic > @docusaurus/plugin-content-docs > @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash':
+ patched: '2020-05-01T02:39:46.534Z'
From 1f7e5e20bb570d2af1f51a2622449b18f3179c0f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 May 2020 03:39:49 +0100
Subject: [PATCH 2/2] fix: docusaurus/website/.snyk & docusaurus/website/package.json to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-567746
---
 docusaurus/website/package.json | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/docusaurus/website/package.json b/docusaurus/website/package.json
index a7158b8bba7..67f2c684bab 100644
--- a/docusaurus/website/package.json
+++ b/docusaurus/website/package.json
@@ -3,14 +3,17 @@
 "start": "docusaurus start",
 "build": "docusaurus build",
 "swizzle": "docusaurus swizzle",
- "deploy": "docusaurus deploy"
+ "deploy": "docusaurus deploy",
+ "snyk-protect": "snyk protect",
+ "prepare": "yarn run snyk-protect"
 },
 "dependencies": {
 "@docusaurus/core": "^2.0.0-alpha.26",
 "@docusaurus/preset-classic": "^2.0.0-alpha.26",
 "classnames": "^2.2.6",
 "react": "^16.10.2",
- "react-dom": "^16.10.2"
+ "react-dom": "^16.10.2",
+ "snyk": "^1.316.1"
 },
 "browserslist": {
 "production": [
@@ -23,5 +26,6 @@
 "last 1 firefox version",
 "last 1 safari version"
 ]
- }
+ },
+ "snyk": true
 }
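Review bot: The `prepare` hook added in the first package.json hunk only protects installs that run lifecycle scripts, so an install with `--ignore-scripts` (a common CI hardening setting) leaves the lodash copies covered by SNYK-JS-LODASH-567746 unpatched without any error. The same hunk adds `snyk` to `dependencies` under a caret range, so unless a lockfile pins it, a floating version of the CLI runs at install time and rewrites files under `node_modules`; I would pin it as `"snyk": "1.316.1"` and add a CI step that runs `snyk test` so a patch that did not apply fails the build. The `.snyk` policy from patch 1/2 lists fixed dependency paths, so it presumably goes stale as soon as the `@docusaurus/*` tree resolves differently. Treat the patch as a stopgap and track an upgrade of lodash through the parent packages (or a Yarn `resolutions` entry) as the durable fix.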