diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..dfa6d37b --- /dev/null +++ b/.snyk 
@@ -0,0 +1,146 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/register > lodash': + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: '@babel/register > lodash' + - babel-plugin-lodash > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: babel-plugin-lodash > lodash + - firebase-functions > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: firebase-functions > lodash + - knex > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: knex > lodash + - relay-compiler > @babel/core > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: relay-compiler > @babel/core > lodash + - react-app-tools > @babel/core > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > @babel/core > lodash + - react-app-tools > eslint > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > eslint > lodash + - react-app-tools > eslint-plugin-flowtype > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > eslint-plugin-flowtype > lodash + - react-app-tools > eslint-plugin-import > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > eslint-plugin-import > lodash + - request-promise-native > request-promise-core > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: request-promise-native > request-promise-core > lodash + - react-app-tools > webpack-manifest-plugin > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > webpack-manifest-plugin > lodash + - react-app-tools > write-file-webpack-plugin > lodash: + patched: 
'2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > write-file-webpack-plugin > lodash + - react-app-tools > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > @babel/preset-env > + @babel/plugin-transform-block-scoping > lodash + - relay-compiler > babel-preset-fbjs > @babel/plugin-transform-block-scoping > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + relay-compiler > babel-preset-fbjs > + @babel/plugin-transform-block-scoping > lodash + - react-app-tools > eslint > inquirer > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > eslint > inquirer > lodash + - react-app-tools > eslint > table > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > eslint > table > lodash + - react-app-tools > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > optimize-css-assets-webpack-plugin > + last-call-webpack-plugin > lodash + - react-app-tools > react-dev-utils > inquirer > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > react-dev-utils > inquirer > lodash + - react-app-tools > webpack-dev-server > http-proxy-middleware > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > webpack-dev-server > http-proxy-middleware > lodash + - react-app-tools > @babel/core > @babel/generator > @babel/types > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > @babel/core > @babel/generator > @babel/types > + lodash + - relay-compiler > babel-preset-fbjs > @babel/plugin-transform-modules-commonjs > @babel/helper-module-transforms > lodash: + patched: 
'2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + relay-compiler > babel-preset-fbjs > + @babel/plugin-transform-modules-commonjs > + @babel/helper-module-transforms > lodash + - react-app-tools > babel-jest > babel-plugin-istanbul > istanbul-lib-instrument > babel-generator > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > babel-jest > babel-plugin-istanbul > + istanbul-lib-instrument > babel-generator > lodash + - react-app-tools > babel-jest > babel-plugin-istanbul > istanbul-lib-instrument > babel-template > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > babel-jest > babel-plugin-istanbul > + istanbul-lib-instrument > babel-template > lodash + - react-app-tools > jest > jest-cli > istanbul-api > async > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > jest > jest-cli > istanbul-api > async > lodash + - react-app-tools > jest > jest-cli > jest-config > babel-core > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: react-app-tools > jest > jest-cli > jest-config > babel-core > lodash + - react-app-tools > babel-jest > babel-plugin-istanbul > istanbul-lib-instrument > babel-generator > babel-types > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > babel-jest > babel-plugin-istanbul > + istanbul-lib-instrument > babel-generator > babel-types > lodash + - react-app-tools > babel-jest > babel-plugin-istanbul > istanbul-lib-instrument > babel-template > babel-traverse > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > babel-jest > babel-plugin-istanbul > + istanbul-lib-instrument > babel-template > babel-traverse > lodash + - react-app-tools > jest > jest-cli > jest-config > babel-core > babel-register > lodash: + patched: 
'2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > jest > jest-cli > jest-config > babel-core > + babel-register > lodash + - react-app-tools > jest > jest-cli > jest-config > jest-environment-jsdom > jsdom > request-promise-native > request-promise-core > lodash: + patched: '2023-08-04T05:06:37.109Z' + id: SNYK-JS-LODASH-567746 + path: >- + react-app-tools > jest > jest-cli > jest-config > + jest-environment-jsdom > jsdom > request-promise-native > + request-promise-core > lodash
diff --git a/package.json b/package.json
index 4ff306e4..f7eaf3aa 100644
--- a/package.json
+++ b/package.json
@@ -15,37 +15,37 @@
 "dependencies": {
 "@babel/polyfill": "^7.7.0",
 "@babel/runtime": "^7.7.7",
- "@firebase/app": "^0.5.1",
+ "@firebase/app": "^0.6.13",
 "@firebase/auth": "^0.13.4",
 "@material-ui/core": "^4.8.3",
 "@material-ui/icons": "^4.5.1",
- "body-parser": "^1.19.0",
+ "body-parser": "^1.19.2",
 "clsx": "^1.0.4",
 "cookie": "^0.4.0",
 "cookie-parser": "^1.4.4",
 "dataloader": "^2.0.0",
 "dotenv": "^8.2.0",
- "ejs": "^3.0.1",
- "express": "^4.17.1",
+ "ejs": "^3.1.7",
+ "express": "^4.17.3",
 "express-graphql": "^0.9.0",
- "firebase-admin": "^8.9.0",
- "firebase-functions": "^3.3.0",
- "got": "^10.2.2",
+ "firebase-admin": "^11.4.1",
+ "firebase-functions": "^3.6.2",
+ "got": "^11.8.5",
 "graphql": "^14.5.8",
 "graphql-relay": "^0.6.0",
 "history": "^4.10.1",
 "hoist-non-react-statics": "^3.3.1",
 "idx": "^2.5.6",
- "jsonwebtoken": "^8.5.1",
+ "jsonwebtoken": "^9.0.0",
 "jwt-passport": "^0.0.5",
- "knex": "^0.20.7",
+ "knex": "^2.4.0",
 "load-script": "^1.0.0",
- "lodash": "^4.17.15",
+ "lodash": "^4.17.21",
 "moment-timezone": "^0.5.27",
- "passport": "^0.4.1",
+ "passport": "^0.6.0",
 "passport-facebook": "^3.0.0",
 "passport-google-oauth20": "^2.0.0",
- "pg": "^7.17.0",
+ "pg": "^8.4.0",
 "prop-types": "^15.7.2",
 "query-string": "^6.9.0",
 "react": "^16.12.0",
@@ -55,11 +55,12 @@
 "relay-runtime": "^8.0.0",
 "request": "^2.88.0",
 "request-promise-native": "^1.0.8",
- "serialize-javascript": "^2.1.2",
+ "serialize-javascript": "^3.1.0",
 "slugify": "^1.3.6",
 "universal-router": "^8.3.0",
 "uuid": "^3.3.3",
- "validator": "^12.1.0"
+ "validator": "^13.7.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@babel/core": "^7.7.7",
@@ -71,11 +72,11 @@
 "eslint-plugin-prettier": "^3.1.2",
 "husky": "^4.0.4",
 "lint-staged": "^9.5.0",
- "minimist": "^1.2.0",
+ "minimist": "^1.2.6",
 "prettier": "^1.19.1",
 "raw-loader": "^4.0.0",
 "react-app-tools": "^3.1.0-preview.7",
- "relay-compiler": "^8.0.0"
+ "relay-compiler": "^13.0.0"
 },
 "lint-staged": {
 "*.js": [
@@ -117,6 +118,9 @@
 "psql": "node ./scripts/psql",
 "deploy": "yarn run deploy-test",
 "deploy-test": "node ./scripts/pre-deploy --env=test && firebase --project=example-test deploy && node ./scripts/post-deploy --env=test",
- "deploy-prod": "node ./scripts/pre-deploy --env=prod && firebase --project=example-prod deploy && node ./scripts/post-deploy --env=prod"
- }
+ "deploy-prod": "node ./scripts/pre-deploy --env=prod && firebase --project=example-prod deploy && node ./scripts/post-deploy --env=prod",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true
 }
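Review bot: The `"@snyk/protect": "latest"` entry added at the end of `dependencies` (hunk `@@ -55,11 +55,12 @@`) is the only floating specifier in the block, and the `snyk-protect` script added in the last hunk executes that package's binary from a lifecycle hook. With `latest`, whichever release is newest when the lockfile is next regenerated will run on developer and CI machines and rewrite files under `node_modules`, with no version change visible in review. Pin it to a range on the release that was actually tested, e.g. `"@snyk/protect": "^<tested-version>"`, and confirm the lockfile is committed so the resolved version and integrity hash are recorded. Because the entry sits in `dependencies` rather than `devDependencies`, it presumably also ships with the deployed Firebase functions bundle; confirm that is intended.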
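Review bot: The `"prepublish": "npm run snyk-protect"` hook added to `scripts` (hunk `@@ -117,6 +118,9 @@`) relies on a lifecycle name that npm has deprecated. When it fires differs between npm versions and package managers, so the lodash patches listed in `.snyk` may not be applied on every install. Every other script in this block uses `yarn run`, so `"prepare": "yarn run snyk-protect"` would be both the supported hook and consistent with the rest of the file. The patches only touch `node_modules`, so an install with scripts disabled (`--ignore-scripts`), or a remote dependency install during deploy, would leave the transitive lodash copies unpatched without any error. Consider running `snyk-protect` explicitly in `./scripts/pre-deploy`, or adding a CI check that fails when the patch step was skipped.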