From d4ac31652896320c01e14c1221b77072d5acc139 Mon Sep 17 00:00:00 2001 From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 22:02:10 +0000 Subject: [PATCH] fix: tools/node_modules/eslint/node_modules/estraverse/package.json & tools/node_modules/eslint/node_modules/estraverse/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-DOTOBJECT-548905 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620 --- .../eslint/node_modules/estraverse/.snyk | 10 ++++++++++ .../node_modules/estraverse/package.json | 18 ++++++++++++------ 2 files changed, 22 insertions(+), 6 deletions(-) create mode 100644 tools/node_modules/eslint/node_modules/estraverse/.snyk diff --git a/tools/node_modules/eslint/node_modules/estraverse/.snyk b/tools/node_modules/eslint/node_modules/estraverse/.snyk new file mode 100644 index 00000000000000..251d7f6542956e --- /dev/null +++ b/tools/node_modules/eslint/node_modules/estraverse/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:minimatch:20160620': + - mocha > glob > minimatch: + patched: '2024-10-21T22:02:01.380Z' + id: 'npm:minimatch:20160620' + path: mocha > glob > minimatch diff --git a/tools/node_modules/eslint/node_modules/estraverse/package.json b/tools/node_modules/eslint/node_modules/estraverse/package.json index a86321850b4ec9..9859ba891f5412 100644 --- a/tools/node_modules/eslint/node_modules/estraverse/package.json +++ b/tools/node_modules/eslint/node_modules/estraverse/package.json @@ -23,18 +23,24 @@ "babel-register": "^6.3.13", "chai": "^2.1.1", "espree": "^1.11.0", - "gulp": "^3.8.10", - "gulp-bump": "^0.2.2", - "gulp-filter": "^2.0.0", - "gulp-git": "^1.0.1", + "gulp": "^5.0.0", + "gulp-bump": "^2.0.0", + "gulp-filter": "^5.1.0", + "gulp-git": "^2.5.0", "gulp-tag-version": "^1.3.0", "jshint": "^2.5.6", - "mocha": "^2.1.0" + "mocha": "^10.1.0" }, "license": "BSD-2-Clause", "scripts": { "test": "npm run-script lint && npm run-script unit-test", "lint": "jshint estraverse.js", - "unit-test": "mocha --compilers js:babel-register" + "unit-test": "mocha --compilers js:babel-register", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true, + "dependencies": { + "@snyk/protect": "latest" } }