From d5def80b72d682eaac3678b0af04ba2b929aed99 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 5 Feb 2022 05:33:42 +0000
Subject: [PATCH] fix: app/8base/package.json, app/8base/package-lock.json & app/8base/.snyk to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
---
 app/8base/.snyk | 8 +++++
 app/8base/package-lock.json | 69 ++++++++++++++++++++++++++-----------
 app/8base/package.json | 10 ++++--
 3 files changed, 65 insertions(+), 22 deletions(-)
 create mode 100644 app/8base/.snyk
diff --git a/app/8base/.snyk b/app/8base/.snyk
new file mode 100644
index 00000000..f56c55e7
--- /dev/null
+++ b/app/8base/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-450202:
+ - 0x.js > @0xproject/subproviders > @ledgerhq/hw-transport-node-hid > lodash:
+ patched: '2022-02-05T05:33:31.897Z'
diff --git a/app/8base/package-lock.json b/app/8base/package-lock.json
index ee8e3bb2..388e3cfe 100644
--- a/app/8base/package-lock.json
+++ b/app/8base/package-lock.json
@@ -172,7 +172,7 @@ "ethereum-types": "1.0.11", "ethereumjs-tx": "1.3.7", "ethereumjs-util": "5.2.0", - "ganache-core": "github:0xProject/ganache-core#9f86ca3d114ee4395e2d16362f95a8c57ec69bb4", + "ganache-core": "ganache-core@github:0xProject/ganache-core#9f86ca3d114ee4395e2d16362f95a8c57ec69bb4", "hdkey": "0.7.1", "json-rpc-error": "2.0.0", "lodash": "4.17.10",
@@ -302,6 +302,11 @@ "u2f-api": "0.2.7" } }, + "@snyk/protect": { + "version": "1.848.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.848.0.tgz", + "integrity": "sha512-xi2nvta50nGbuf80nF1aKR3WV9AJUq3mJGoQPrysHNQl4thW00hfYAAkydRLAlYj8G0fb1z+GGxYDoLPNxfIYw==" + }, "@types/bn.js": { "version": "4.11.2", "resolved": "https://registry.npmjs.org/@types/bn.js/-/bn.js-4.11.2.tgz",
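Review bot: The `patch:` entry in app/8base/.snyk names a single dependency path, `0x.js > @0xproject/subproviders > @ledgerhq/hw-transport-node-hid > lodash`, while the package-lock.json context in the hunk at line 172 still shows `"lodash": "4.17.10"` in what appears to be another package's requirement list. If more than one lodash copy at an affected version ends up installed, the copies not named in the policy stay unpatched, so the scan should be re-run after a clean install to confirm coverage. Upgrading lodash would remove the need for an install-time patch altogether; until then I would add a comment above the entry such as `# remove once lodash is upgraded past the version affected by SNYK-JS-LODASH-450202` so the policy does not outlive its purpose.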
@@ -465,12 +470,14 @@ "aproba": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz", - "integrity": "sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==" + "integrity": "sha512-Y9J6ZjXtoYh8RnXVCMOU/ttDmk1aBjunq9vO0ta5x85WDQiQfUF9sIPBITdbiiIVcBo03Hi3jMxigBtsddlXRw==", + "optional": true }, "are-we-there-yet": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-1.1.5.tgz", "integrity": "sha512-5hYdAkZlcG8tOLujVDTgCT+uPX0VnpAH28gWsLfzpXYm7wP6mp5Q/gYyR7YQ0cKVJcXJnl3j2kpBan13PtQf6w==", + "optional": true, "requires": { "delegates": "1.0.0", "readable-stream": "2.3.6" @@ -1600,7 +1607,8 @@ "chownr": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.1.tgz", - "integrity": "sha512-j38EvO5+LHX84jlo6h4UzmOwi0UgW61WRyPtJz4qaadK5eY3BTS5TY/S1Stc3Uk2lIM6TPevAlULiEJwie860g==" + "integrity": "sha512-j38EvO5+LHX84jlo6h4UzmOwi0UgW61WRyPtJz4qaadK5eY3BTS5TY/S1Stc3Uk2lIM6TPevAlULiEJwie860g==", + "optional": true }, "cipher-base": { "version": "1.0.4", @@ -1687,7 +1695,8 @@ "console-control-strings": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz", - "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=" + "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=", + "optional": true }, "content-disposition": { "version": "0.5.2", @@ -1967,7 +1976,8 @@ "deep-extend": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", - "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==" + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "optional": true }, "deferred-leveldown": { "version": "1.2.2", 
@@ -2015,7 +2025,8 @@ "delegates": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz", - "integrity": "sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=" + "integrity": "sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=", + "optional": true }, "depd": { "version": "1.1.2", @@ -2047,7 +2058,8 @@ "detect-libc": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz", - "integrity": "sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=" + "integrity": "sha1-+hN8S9aY7fVc1c0CrFWfkaTEups=", + "optional": true }, "detect-node": { "version": "2.0.3", @@ -2339,7 +2351,8 @@ }, "dependencies": { "bignumber.js": { - "version": "git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934" + "version": "git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934", + "from": "bignumber.js@git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934" }, "bn.js": { "version": "2.2.0", @@ -2367,7 +2380,7 @@ "resolved": "https://registry.npmjs.org/web3/-/web3-0.20.2.tgz", "integrity": "sha1-xU2sX8DjdzmcBMGm7LsS5FEyeNY=", "requires": { - "bignumber.js": "git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934", + "bignumber.js": "bignumber.js@git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934", "crypto-js": "3.1.8", "utf8": "2.1.2", "xhr2": "0.1.4", 
@@ -2390,12 +2403,13 @@ "resolved": "https://registry.npmjs.org/eth-sig-util/-/eth-sig-util-1.4.2.tgz", "integrity": "sha1-jZWCAsftuq6Dlwf7pvCf8ydgYhA=", "requires": { - "ethereumjs-abi": "git+https://github.com/ethereumjs/ethereumjs-abi.git#00ba8463a7f7a67fcad737ff9c2ebd95643427f7", + "ethereumjs-abi": "ethereumjs-abi@git+https://github.com/ethereumjs/ethereumjs-abi.git#00ba8463a7f7a67fcad737ff9c2ebd95643427f7", "ethereumjs-util": "5.2.0" }, "dependencies": { "ethereumjs-abi": { "version": "git+https://github.com/ethereumjs/ethereumjs-abi.git#00ba8463a7f7a67fcad737ff9c2ebd95643427f7", + "from": "ethereumjs-abi@git+https://github.com/ethereumjs/ethereumjs-abi.git#00ba8463a7f7a67fcad737ff9c2ebd95643427f7", "requires": { "bn.js": "4.11.8", "ethereumjs-util": "5.2.0" @@ -2428,7 +2442,7 @@ "resolved": "https://registry.npmjs.org/eth-block-tracker/-/eth-block-tracker-2.3.1.tgz", "integrity": "sha512-NamWuMBIl8kmkJFVj8WzGatySTzQPQag4Xr677yFxdVtIxACFbL/dQowk0MzEqIKk93U1TwY3MjVU6mOcwZnKA==", "requires": { - "async-eventemitter": "github:ahultgren/async-eventemitter#fa06e39e56786ba541c180061dbf2c0a5bbf951c", + "async-eventemitter": "async-eventemitter@github:ahultgren/async-eventemitter#fa06e39e56786ba541c180061dbf2c0a5bbf951c", "eth-query": "2.1.2", "ethereumjs-tx": "1.3.7", "ethereumjs-util": "5.2.0", @@ -2440,6 +2454,7 @@ "dependencies": { "async-eventemitter": { "version": "github:ahultgren/async-eventemitter#fa06e39e56786ba541c180061dbf2c0a5bbf951c", + "from": "async-eventemitter@github:ahultgren/async-eventemitter#fa06e39e56786ba541c180061dbf2c0a5bbf951c", "requires": { "async": "2.6.1" } @@ -3122,6 +3137,7 @@ }, "ganache-core": { "version": "github:0xProject/ganache-core#9f86ca3d114ee4395e2d16362f95a8c57ec69bb4", + "from": "ganache-core@github:0xProject/ganache-core#9f86ca3d114ee4395e2d16362f95a8c57ec69bb4", "requires": { "abstract-leveldown": "3.0.0", "async": "2.6.1", 
@@ -3132,7 +3148,7 @@ "clone": "2.1.2", "ethereumjs-account": "2.0.5", "ethereumjs-block": "1.2.2", - "ethereumjs-tx": "github:0xProject/ethereumjs-tx#29d1153889c389591f74b2401da8a0c6ad40f9a7", + "ethereumjs-tx": "ethereumjs-tx@github:0xProject/ethereumjs-tx#29d1153889c389591f74b2401da8a0c6ad40f9a7", "ethereumjs-util": "5.2.0", "ethereumjs-vm": "2.3.5", "ethereumjs-wallet": "0.6.0", @@ -3176,6 +3192,7 @@ }, "ethereumjs-tx": { "version": "github:0xProject/ethereumjs-tx#29d1153889c389591f74b2401da8a0c6ad40f9a7", + "from": "ethereumjs-tx@github:0xProject/ethereumjs-tx#29d1153889c389591f74b2401da8a0c6ad40f9a7", "requires": { "ethereum-common": "0.0.18", "ethereumjs-util": "5.2.0" @@ -3201,6 +3218,7 @@ "version": "2.7.4", "resolved": "https://registry.npmjs.org/gauge/-/gauge-2.7.4.tgz", "integrity": "sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=", + "optional": true, "requires": { "aproba": "1.2.0", "console-control-strings": "1.1.0", @@ -3383,7 +3401,8 @@ "has-unicode": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz", - "integrity": "sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=" + "integrity": "sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=", + "optional": true }, "hash-base": { "version": "3.0.4", @@ -3540,7 +3559,8 @@ "ini": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz", - "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==" + "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==", + "optional": true }, "invariant": { "version": "2.2.4", @@ -4332,6 +4352,7 @@ "version": "2.3.4", "resolved": "https://registry.npmjs.org/minipass/-/minipass-2.3.4.tgz", "integrity": "sha512-mlouk1OHlaUE8Odt1drMtG1bAJA4ZA6B/ehysgV0LUIrDHdKgo1KorZq3pK0b/7Z7LJIQ12MNM6aC+Tn6lUZ5w==", + "optional": true, "requires": { "safe-buffer": "5.1.2", "yallist": "3.0.2" 
@@ -4510,6 +4531,7 @@ "version": "4.1.2", "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-4.1.2.tgz", "integrity": "sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==", + "optional": true, "requires": { "are-we-there-yet": "1.1.5", "console-control-strings": "1.1.0", @@ -4991,6 +5013,7 @@ "version": "1.2.8", "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", + "optional": true, "requires": { "deep-extend": "0.6.0", "ini": "1.3.5", @@ -5406,7 +5429,8 @@ "signal-exit": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz", - "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=" + "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=", + "optional": true }, "simple-concat": { "version": "1.0.0", @@ -5615,7 +5639,8 @@ "strip-json-comments": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", - "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=" + "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=", + "optional": true }, "supports-color": { "version": "2.0.0", @@ -6067,7 +6092,7 @@ "resolved": "http://registry.npmjs.org/web3/-/web3-0.20.6.tgz", "integrity": "sha1-PpcwauAk+yThCj11yIQwJWIhUSA=", "requires": { - "bignumber.js": "git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934", + "bignumber.js": "bignumber.js@git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934", "crypto-js": "3.1.8", "utf8": "2.1.2", "xhr2": "0.1.4", 
@@ -6075,7 +6100,8 @@ }, "dependencies": { "bignumber.js": { - "version": "git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934" + "version": "git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934", + "from": "bignumber.js@git+https://github.com/frozeman/bignumber.js-nolookahead.git#57692b3ecfc98bbdd6b3a516cb2353652ea49934" } } },
@@ -6412,11 +6438,12 @@ "requires": { "underscore": "1.8.3", "web3-core-helpers": "1.0.0-beta.36", - "websocket": "git://github.com/frozeman/WebSocket-Node.git#6c72925e3f8aaaea8dc8450f97627e85263999f2" + "websocket": "websocket@git://github.com/frozeman/WebSocket-Node.git#6c72925e3f8aaaea8dc8450f97627e85263999f2" }, "dependencies": { "websocket": { "version": "git://github.com/frozeman/WebSocket-Node.git#6c72925e3f8aaaea8dc8450f97627e85263999f2", + "from": "websocket@git://github.com/frozeman/WebSocket-Node.git#6c72925e3f8aaaea8dc8450f97627e85263999f2", "requires": { "debug": "2.6.9", "nan": "2.11.1",
@@ -6494,6 +6521,7 @@ "version": "1.1.3", "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz", "integrity": "sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA==", + "optional": true, "requires": { "string-width": "1.0.2" }
@@ -6596,7 +6624,8 @@ "yallist": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.0.2.tgz", - "integrity": "sha1-hFK0u36Dx8GI2AQcGoN8dz1ti7k=" + "integrity": "sha1-hFK0u36Dx8GI2AQcGoN8dz1ti7k=", + "optional": true }, "yargs": { "version": "7.1.0",
diff --git a/app/8base/package.json b/app/8base/package.json
index 2683bda5..cf1e68a1 100644
--- a/app/8base/package.json
+++ b/app/8base/package.json
@@ -10,9 +10,15 @@
 "path": "^0.12.7",
 "request": "^2.88.0",
 "request-promise-native": "^1.0.5",
- "web3": "v0.20.6"
+ "web3": "v0.20.6",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@types/request-promise-native": "^1.0.15"
- }
+ },
+ "scripts": {
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true
 }
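Review bot: `"@snyk/protect": "latest"` is an unpinned specifier for a package that the new `prepare` script runs on every install and that rewrites files under node_modules, so any lockfile regeneration pulls in whatever release is current at that moment. The lockfile in this same commit resolves it to 1.848.0 with an integrity hash; pinning package.json to match, `"@snyk/protect": "1.848.0"`, keeps the two consistent and makes an upgrade a reviewed change. The fix also takes effect only when lifecycle scripts run: an install with `--ignore-scripts` skips `prepare` and leaves lodash unpatched without any error. Builds that disable scripts therefore need an explicit `npm run snyk-protect` step, or a check that fails when the patch has not been applied.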