From 3e255b392c2f075c41fd84dfae44c102130e239f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 04:09:54 +0530 Subject: [PATCH 1/2] fix: babel-preset/package.json & babel-preset/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- babel-preset/package.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/babel-preset/package.json b/babel-preset/package.json index 77eaafb46f826d..b0d99ad68b94f9 100644 --- a/babel-preset/package.json +++ b/babel-preset/package.json @@ -41,6 +41,12 @@ "@babel/plugin-transform-template-literals": "7.0.0-beta.47", "@babel/plugin-transform-unicode-regex": "7.0.0-beta.47", "@babel/template": "7.0.0-beta.47", - "metro-babel7-plugin-react-transform": "^0.38.1" - } + "metro-babel7-plugin-react-transform": "^0.38.1", + "snyk": "^1.316.1" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From 5d223605023e1c185e3e905e6a7f18d9497a8a11 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 04:09:55 +0530 Subject: [PATCH 2/2] fix: babel-preset/package.json & babel-preset/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- babel-preset/.snyk | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 babel-preset/.snyk diff --git a/babel-preset/.snyk b/babel-preset/.snyk new file mode 100644 index 00000000000000..365e369d8d0628 --- /dev/null +++ b/babel-preset/.snyk @@ -0,0 +1,26 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - '@babel/plugin-transform-block-scoping > lodash': + patched: '2020-04-30T22:39:50.183Z' + - metro-babel7-plugin-react-transform > lodash: + patched: '2020-04-30T22:39:50.183Z' + - '@babel/plugin-transform-unicode-regex > @babel/helper-regex > lodash': + patched: '2020-04-30T22:39:50.183Z' + - metro-babel7-plugin-react-transform > @babel/helper-module-imports > lodash: + patched: '2020-04-30T22:39:50.183Z' + - '@babel/plugin-transform-modules-commonjs > @babel/helper-module-transforms > @babel/helper-simple-access > lodash': + patched: '2020-04-30T22:39:50.183Z' + - metro-babel7-plugin-react-transform > @babel/helper-module-imports > @babel/types > lodash: + patched: '2020-04-30T22:39:50.183Z' + - '@babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > lodash': + patched: '2020-04-30T22:39:50.183Z' + - '@babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash': + patched: '2020-04-30T22:39:50.183Z' + - '@babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/template > lodash': + patched: '2020-04-30T22:39:50.183Z' + - '@babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash': + patched: '2020-04-30T22:39:50.183Z'