From 59844e6557615c895e0c9bf18ecc0153179ae63e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 9 Sep 2024 10:09:45 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 --- package.json | 2 +- yarn.lock | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index c96395f..529c02a 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "test" ], "dependencies": { - "trailpack": "^2.1.2" + "trailpack": "^3.0.0" }, "devDependencies": { "eslint": "^4.0.0", diff --git a/yarn.lock b/yarn.lock index ac876b3..bdc95ad 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1517,6 +1517,11 @@ lodash.defaultsdeep@^4.3.1: version "4.6.0" resolved "https://registry.yarnpkg.com/lodash.defaultsdeep/-/lodash.defaultsdeep-4.6.0.tgz#bec1024f85b1bd96cbea405b23c14ad6443a6f81" +lodash.defaultsdeep@^4.6.0: + version "4.6.1" + resolved "https://registry.yarnpkg.com/lodash.defaultsdeep/-/lodash.defaultsdeep-4.6.1.tgz#512e9bd721d272d94e3d3a63653fa17516741ca6" + integrity sha512-3j8wdDzYuWO3lM3Reg03MuQR957t287Rpcxp1njpEa8oDrikb+FwGdW3n+FELh/A6qib6yPit0j/pv9G/yeAqA== + lodash.isarguments@^3.0.0: version "3.1.0" resolved "https://registry.yarnpkg.com/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz#2f573d85c6a24289ff00663b491c1d338ff3458a" @@ -1533,10 +1538,25 @@ lodash.keys@^3.0.0: lodash.isarguments "^3.0.0" lodash.isarray "^3.0.0" +lodash.mapvalues@^4.6.0: + version "4.6.0" + resolved "https://registry.yarnpkg.com/lodash.mapvalues/-/lodash.mapvalues-4.6.0.tgz#1bafa5005de9dd6f4f26668c30ca37230cc9689c" + integrity sha512-JPFqXFeZQ7BfS00H58kClY7SPVeHertPE0lNuCyZ26/XlN8TvakYD7b9bGyNmXbT/D3BbtPAAmq90gPWqLkxlQ== + lodash.mergewith@^4.3.1: version "4.6.0" resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz#150cf0a16791f5903b8891eab154609274bdea55" +lodash.omit@^4.5.0: + version "4.5.0" + resolved "https://registry.yarnpkg.com/lodash.omit/-/lodash.omit-4.5.0.tgz#6eb19ae5a1ee1dd9df0b969e66ce0b7fa30b5e60" + integrity sha512-XeqSp49hNGmlkj2EJlfrQFIzQ6lXdNro9sddtQzcJY8QaoC2GO0DT7xaIokHeyM+mIT0mPMlPvkYzg2xCuHdZg== + +lodash.pick@^4.4.0: + version "4.4.0" + resolved "https://registry.yarnpkg.com/lodash.pick/-/lodash.pick-4.4.0.tgz#52f05610fff9ded422611441ed1fc123a03001b3" + integrity sha512-hXt6Ul/5yWjfklSGvLQl8vM//l3FtyHZeuelpzK6mm99pNvN9yTDruNZPEJZD1oWrqo+izBmB7oUfWgcCX7s4Q== + lodash@4.12.0: version "4.12.0" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.12.0.tgz#2bd6dc46a040f59e686c972ed21d93dc59053258" @@ -2705,6 +2725,16 @@ trailpack@^2.1.0, trailpack@^2.1.2: dependencies: lodash "^4.17.4" +trailpack@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/trailpack/-/trailpack-3.0.0.tgz#be10032da1ce60f43a4789a08ef219c581c83b7b" + integrity sha512-3Ex3zzmn0y3iooNDkZLuWsayldIJO+3Fwkz4zzDcghtDVjm8U4HwmANXgKR2W70rXENLOTeyUL0T21PssFDUxQ== + dependencies: + lodash.defaultsdeep "^4.6.0" + lodash.mapvalues "^4.6.0" + lodash.omit "^4.5.0" + lodash.pick "^4.4.0" + trailpack@v2-latest: version "2.1.0" resolved "https://registry.yarnpkg.com/trailpack/-/trailpack-2.1.0.tgz#ed36d03417197b4a35cabb2bc2e12a0dca91db0c"