diff --git a/.snyk b/.snyk index e9fc405e6d..c5ecd9ceb5 100644 --- a/.snyk +++ b/.snyk @@ -2,31 +2,22 @@ version: v1.25.0 # ignores vulnerabilities until expiry date; change duration by modifying expiry date ignore: - SNYK-JS-ANSIREGEX-1583908: - - '*': - reason: Not affecting Snyk CLI. No upgrade path currently available - expires: 2022-02-01T00:00:00.000Z - created: 2021-11-29T17:25:19.200Z - SNYK-JS-LODASHSET-1320032: - - '*': - reason: No upgrade path currently available - expires: 2024-09-30T10:00:00.000Z - created: 2023-09-13T13:14:22.120Z 'snyk:lic:npm:shescape:MPL-2.0': - '*': reason: --about lists all dependency licenses which is a requirement of MPL-2.0 expires: 2122-12-14T16:35:38.252Z created: 2022-11-14T16:35:38.260Z - SNYK-JS-BRACES-6838727: + SNYK-JS-CROSSSPAWN-8303230: - '*': - reason: Direct usage within Snyk CLI are not using vulnerable function - expires: 2024-08-13T04:12:20.523Z - created: 2024-05-14T04:12:20.531Z - SNYK-JS-MICROMATCH-6838728: + reason: No direct upgrade path available + expires: 2025-01-01T00:12:20.523Z + created: 2024-11-08T10:22:20.531Z + SNYK-JS-SOURCEMAPSUPPORT-6112477: - '*': - reason: Direct usage within Snyk CLI are not using vulnerable function - expires: 2024-10-13T04:12:20.523Z - created: 2024-05-14T04:12:20.531Z + reason: Not directely exploitable + expires: 2025-01-01T00:12:20.523Z + created: 2024-11-08T10:22:20.531Z + patch: {} exclude: code: diff --git a/package-lock.json b/package-lock.json index 5d228578bc..fa47913c11 100644 --- a/package-lock.json +++ b/package-lock.json @@ -68,7 +68,7 @@ "semver": "^6.0.0", "snyk-config": "^5.0.0", "snyk-cpp-plugin": "2.24.0", - "snyk-docker-plugin": "6.13.2", + "snyk-docker-plugin": "github:snyk/snyk-docker-plugin#v6.13.2-hotfix", "snyk-go-plugin": "1.23.0", "snyk-gradle-plugin": "4.6.0", "snyk-module": "3.1.0", 
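Review bot: The two added ignores in `.snyk`, `SNYK-JS-CROSSSPAWN-8303230` and `SNYK-JS-SOURCEMAPSUPPORT-6112477`, are scoped to `'*'`, so they suppress the finding on every dependency path, including paths introduced later, and neither `reason` records the assessment behind the decision. "No direct upgrade path available" explains why the issue is not fixed rather than why it is acceptable to ship, and "Not directely exploitable" (typo for "directly") does not say which usage was checked. Where the policy format allows it I would replace `'*'` with the specific dependency path that pulls each package in, and write the reason as a finding, for example `reason: Not directly exploitable, <call sites checked and why they are unaffected>`. The short expiry of 2025-01-01 on both entries forces a re-review and is worth keeping when they are renewed.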
@@ -77,7 +77,7 @@ "snyk-nodejs-plugin": "1.3.4", "snyk-nuget-plugin": "2.7.8", "snyk-php-plugin": "1.10.0", - "snyk-policy": "^4.0.0", + "snyk-policy": "4.1.4", "snyk-python-plugin": "2.2.1", "snyk-resolve-deps": "4.8.0", "snyk-sbt-plugin": "2.18.1", @@ -20280,9 +20280,8 @@ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, "node_modules/snyk-docker-plugin": { - "version": "6.13.2", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.13.2.tgz", - "integrity": "sha512-phUxaUm50IOiruC61Eyqwy1dEJ0KjtF+Fqs3qp7RBT4jPHYqoDxKnyHMCmxwS2+XDFigbA0r9MR5FEKfdvdL8Q==", + "resolved": "git+ssh://git@github.com/snyk/snyk-docker-plugin.git#4827da33f34cafeeff355e21ce5a86f42d2f9fb6", + "license": "Apache-2.0", "dependencies": { "@snyk/composer-lockfile-parser": "^1.4.1", "@snyk/dep-graph": "^2.8.1", 
@@ -21219,20 +21218,31 @@ "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" }, "node_modules/snyk-policy": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/snyk-policy/-/snyk-policy-4.0.0.tgz", - "integrity": "sha512-xkXsDhnZS2zcB/BAKVZKR09ZTkJ4M/5eVyuVrV7+BFMy7bSv2EZPDulGGsrkUhXbQwkm7eW+FtccZABRRdct2w==", + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/snyk-policy/-/snyk-policy-4.1.4.tgz", + "integrity": "sha512-82CQR/wlugiBnGekS3gVm1u/E2GEwL8+bmM91gZadV2C3w7qXloXjOugjaVg8SHYDFJLFnSEq4uttJw5SnFLZw==", "dependencies": { "debug": "^4.1.1", "email-validator": "^2.0.4", "js-yaml": "^3.13.1", "lodash.clonedeep": "^4.5.0", "semver": "^7.3.4", - "snyk-module": "^3.0.0", + "snyk-module": "^3.3.0", "snyk-resolve": "^1.1.0", "snyk-try-require": "^2.0.2" } }, + "node_modules/snyk-policy/node_modules/hosted-git-info": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", + "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/snyk-policy/node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -21258,6 +21268,15 @@ "node": ">=10" } }, + "node_modules/snyk-policy/node_modules/snyk-module": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/snyk-module/-/snyk-module-3.3.0.tgz", + "integrity": "sha512-XNTCmLXMmupUMYUYcRlo5h28bVbb0CHsqAS6ttiiGHaDRBqDXIbkCSoSk9/bGqezImZhmZk/l5ErXtyoFqxHDQ==", + "dependencies": { + "debug": "^4.1.1", + "hosted-git-info": "^4.0.2" + } + }, "node_modules/snyk-policy/node_modules/yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", 
@@ -39726,9 +39745,8 @@ } }, "snyk-docker-plugin": { - "version": "6.13.2", - "resolved": "https://registry.npmjs.org/snyk-docker-plugin/-/snyk-docker-plugin-6.13.2.tgz", - "integrity": "sha512-phUxaUm50IOiruC61Eyqwy1dEJ0KjtF+Fqs3qp7RBT4jPHYqoDxKnyHMCmxwS2+XDFigbA0r9MR5FEKfdvdL8Q==", + "version": "git+ssh://git@github.com/snyk/snyk-docker-plugin.git#4827da33f34cafeeff355e21ce5a86f42d2f9fb6", + "from": "snyk-docker-plugin@github:snyk/snyk-docker-plugin#v6.13.2-hotfix", "requires": { "@snyk/composer-lockfile-parser": "^1.4.1", "@snyk/dep-graph": "^2.8.1", @@ -40474,20 +40492,28 @@ } }, "snyk-policy": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/snyk-policy/-/snyk-policy-4.0.0.tgz", - "integrity": "sha512-xkXsDhnZS2zcB/BAKVZKR09ZTkJ4M/5eVyuVrV7+BFMy7bSv2EZPDulGGsrkUhXbQwkm7eW+FtccZABRRdct2w==", + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/snyk-policy/-/snyk-policy-4.1.4.tgz", + "integrity": "sha512-82CQR/wlugiBnGekS3gVm1u/E2GEwL8+bmM91gZadV2C3w7qXloXjOugjaVg8SHYDFJLFnSEq4uttJw5SnFLZw==", "requires": { "debug": "^4.1.1", "email-validator": "^2.0.4", "js-yaml": "^3.13.1", "lodash.clonedeep": "^4.5.0", "semver": "^7.3.4", - "snyk-module": "^3.0.0", + "snyk-module": "^3.3.0", "snyk-resolve": "^1.1.0", "snyk-try-require": "^2.0.2" }, "dependencies": { + "hosted-git-info": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz", + "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==", + "requires": { + "lru-cache": "^6.0.0" + } + }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", 
@@ -40504,6 +40530,15 @@ "lru-cache": "^6.0.0" } }, + "snyk-module": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/snyk-module/-/snyk-module-3.3.0.tgz", + "integrity": "sha512-XNTCmLXMmupUMYUYcRlo5h28bVbb0CHsqAS6ttiiGHaDRBqDXIbkCSoSk9/bGqezImZhmZk/l5ErXtyoFqxHDQ==", + "requires": { + "debug": "^4.1.1", + "hosted-git-info": "^4.0.2" + } + }, "yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", diff --git a/package.json b/package.json index 33d48c275d..b58119a6ed 100644 --- a/package.json +++ b/package.json @@ -116,7 +116,7 @@ "semver": "^6.0.0", "snyk-config": "^5.0.0", "snyk-cpp-plugin": "2.24.0", - "snyk-docker-plugin": "6.13.2", + "snyk-docker-plugin": "github:snyk/snyk-docker-plugin#v6.13.2-hotfix", "snyk-go-plugin": "1.23.0", "snyk-gradle-plugin": "4.6.0", "snyk-module": "3.1.0", @@ -125,7 +125,7 @@ "snyk-nodejs-plugin": "1.3.4", "snyk-nuget-plugin": "2.7.8", "snyk-php-plugin": "1.10.0", - "snyk-policy": "^4.0.0", + "snyk-policy": "4.1.4", "snyk-python-plugin": "2.2.1", "snyk-resolve-deps": "4.8.0", "snyk-sbt-plugin": "2.18.1",
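Review bot: In the first `package.json` hunk, `"snyk-docker-plugin": "github:snyk/snyk-docker-plugin#v6.13.2-hotfix"` replaces a registry release with a git tag, and a tag can be moved, so the manifest no longer pins what gets installed. The lockfile in this commit does record commit `4827da33f34cafeeff355e21ce5a86f42d2f9fb6`, but the new entry carries no `integrity` hash and resolves over `git+ssh://`, so a reproducible install depends on the lockfile being honoured (`npm ci`) and on the build host having SSH access to GitHub. I would reference the commit directly, `"snyk-docker-plugin": "github:snyk/snyk-docker-plugin#4827da33f34cafeeff355e21ce5a86f42d2f9fb6"`, and track a return to a published registry version once the hotfix is released. Pinning `snyk-policy` to exact `4.1.4` in the following hunk is consistent with the neighbouring exact pins.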