From bfc9d9ba505557717f10782162edb3b298691687 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 03:07:29 -0400 Subject: [PATCH 1/2] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.snyk b/.snyk index 47ef575..e2356de 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.13.5 +version: v1.14.1 ignore: {} # patches apply the minimum changes required to fix a vulnerability patch: @@ -75,3 +75,10 @@ patch: 'npm:stringstream:20180511': - forever > forever-monitor > chokidar > fsevents > node-pre-gyp > request > stringstream: patched: '2019-06-15T05:06:08.317Z' + SNYK-JS-LODASH-567746: + - feathers-levelup > lodash: + patched: '2020-05-01T07:07:27.015Z' + - dynamodbdown > aws-sdk > xmlbuilder > lodash: + patched: '2020-05-01T07:07:27.015Z' + - dynamodbdown > aws-sdk > xml2js > xmlbuilder > lodash: + patched: '2020-05-01T07:07:27.015Z' From 4c50f6a9b7a59e4715bdc923b9ebb8ce90be0104 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 03:07:30 -0400 Subject: [PATCH 2/2] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index e127217..4963b79 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "start": "node src/", "mocha": "mocha test/ --recursive", "snyk-protect": "snyk protect", - "prepublish": "npm run snyk-protect" + "prepublish": "yarn run snyk-protect" }, "pre-push": [ "mocha" @@ -67,7 +67,7 @@ "uuid": "^3.1.0", "validator": "^9.4.1", "winston": "^2.3.1", - "snyk": "^1.179.0" + "snyk": "^1.316.1" }, "devDependencies": { "eslint": "^4.7.2",