From f9ecd3007a55c47d8a9df5eb67a6e07f55784bc1 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Tue, 20 Aug 2019 01:46:34 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 8 ++ package.json | 290 ++++++++++++++++++++++++++------------------------- 2 files changed, 155 insertions(+), 143 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..62f40fb4 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - html-webpack-plugin > lodash: + patched: '2019-08-20T01:46:32.656Z' diff --git a/package.json b/package.json index e9e49e46..0f745df2 100644 --- a/package.json +++ b/package.json @@ -1,145 +1,149 @@ { - "name": "trezor-wallet", - "version": "1.3.2-beta", - "author": "TREZOR ", - "description": "", - "bin": { - "flow": "./node_modules/flow-bin" - }, - "license": "SEE LICENSE IN LICENSE.md", - "scripts": { - "dev": "yarn && npx webpack-dev-server --config webpack/dev.babel.js", - "dev:local": "yarn && npx webpack-dev-server --config webpack/local.babel.js", - "build": "rimraf build && run-s build:*", - "build:stable": "rimraf build/stable && npx webpack --config webpack/production.babel.js --output-path build/stable --progress --bail", - "build:beta": "rimraf build/beta && cross-env BUILD=beta npx webpack --config webpack/production.babel.js --output-path build/beta --progress --bail", - "build:dev": "rimraf build.dev && cross-env BUILD=development npx webpack --config webpack/production.babel.js --output-path build/dev --progress --bail", - "translations:extract": "rimraf translations/extractedMessages && cross-env NODE_ENV=translations babel src && yarn ttm merge-msgs && yarn ttm build-csv", - "translations:upload": "yarn translations:extract && yarn ttm upload", - "translations:download": "yarn ttm build-translations && sleep 1 && yarn ttm export-translations", - "flow": "flow check src", - "lint": "run-s lint:*", - "lint:js": "npx eslint .", - "lint:css": "npx stylelint './src/**/*.js'", - "lint-fix": "npx eslint ./src ./webpack --fix", - "test": "run-s test:*", - "test:unit": "npx jest", - "test-unit:watch": "npx jest -o --watch", - "test-integration:dev": "npx cypress open -c baseUrl=http://localhost:8081/#/", - "test-integration:test": "npx cypress run", - "test-integration:gitlab": "npx cypress run -c baseUrl=https://localhost:8080/#/ --browser chromium", - "server:beta": "node ./server/index.js --buildType=beta", - "server:stable": "node ./server/index.js --buildType=stable" - }, - "dependencies": { - "@babel/polyfill": "^7.2.5", - "@hot-loader/react-dom": "16.8.6", - "bignumber.js": "8.0.2", - "color-hash": "^1.0.3", - "commander": "^2.19.0", - "connected-react-router": "6.4.0", - "copy-to-clipboard": "^3.0.8", - "copy-webpack-plugin": "^4.6.0", - "cross-env": "^5.2.0", - "date-fns": "^1.30.1", - "ethereumjs-tx": "^1.3.7", - "ethereumjs-units": "^0.2.0", - "ethereumjs-util": "^6.0.0", - "express": "^4.16.4", - "git-revision-webpack-plugin": "^3.0.3", - "hdkey": "^1.1.0", - "history": "^4.7.2", - "html-webpack-plugin": "^3.2.0", - "jest-fetch-mock": "^2.1.0", - "morgan": "^1.9.1", - "npm-run-all": "^4.1.5", - "prop-types": "^15.6.2", - "raf": "^3.4.1", - "raven-js": "^3.27.0", - "rc-tooltip": "^3.7.3", - "react": "16.8.6", - "react-dom": "16.8.6", - "react-hot-loader": "^4.8.4", - "react-intl": "^2.8.0", - "react-json-view": "^1.19.1", - "react-qr-reader": "^2.1.2", - "react-qr-svg": "^2.1.0", - "react-redux": "^6.0.0", - "react-router": "^5.0.0", - "react-router-dom": "^5.0.0", - "react-scale-text": "^1.2.2", - "react-select": "^2.3.0", - "react-textarea-autosize": "^7.1.0", - "react-transition-group": "^2.5.3", - "react-window": "^1.7.1", - "redbox-react": "^1.6.0", - "redux": "4.0.1", - "redux-logger": "^3.0.6", - "redux-raven-middleware": "^1.2.0", - "redux-thunk": "^2.3.0", - "rimraf": "^2.6.3", - "styled-components": "^4.1.3", - "styled-normalize": "^8.0.6", - "trezor-bridge-communicator": "1.0.2", - "trezor-connect": "7.0.2", - "trezor-ui-components": "^1.0.0-beta.20", - "wallet-address-validator": "^0.2.4", - "web3": "1.0.0-beta.35", - "webpack": "^4.29.3", - "webpack-build-notifier": "^0.1.30", - "webpack-bundle-analyzer": "^3.3.2", - "whatwg-fetch": "^3.0.0", - "yarn-run-all": "^3.1.1" - }, - "devDependencies": { - "@babel/cli": "^7.2.3", - "@babel/core": "^7.2.2", - "@babel/plugin-proposal-class-properties": "^7.3.0", - "@babel/plugin-proposal-object-rest-spread": "^7.3.2", - "@babel/plugin-transform-flow-strip-types": "^7.2.3", - "@babel/plugin-transform-runtime": "^7.2.0", - "@babel/preset-env": "^7.3.1", - "@babel/preset-flow": "^7.0.0", - "@babel/preset-react": "^7.0.0", - "@babel/register": "^7.0.0", - "babel-eslint": "^10.0.1", - "babel-jest": "^24.1.0", - "babel-loader": "^8.0.5", - "babel-plugin-module-resolver": "^3.1.3", - "babel-plugin-react-intl": "^3.0.1", - "babel-plugin-styled-components": "^1.10.0", - "cypress": "^3.1.5", - "cypress-image-snapshot": "^3.0.0", - "eslint": "^5.13.0", - "eslint-config-airbnb": "^17.1.0", - "eslint-config-prettier": "^4.0.0", - "eslint-import-resolver-babel-module": "^5.0.1", - "eslint-loader": "^2.1.2", - "eslint-plugin-chai-friendly": "^0.4.1", - "eslint-plugin-cypress": "^2.2.0", - "eslint-plugin-flowtype": "^3.2.1", - "eslint-plugin-import": "^2.16.0", - "eslint-plugin-jest": "^22.2.2", - "eslint-plugin-jsx-a11y": "^6.2.1", - "eslint-plugin-prettier": "^3.0.1", - "eslint-plugin-react": "^7.12.4", - "file-loader": "3.0.1", - "flow-bin": "0.90", - "jest": "^24.1.0", - "prettier": "^1.16.4", - "prettier-eslint": "^8.8.2", - "prettylint": "^1.0.0", - "stylelint": "^9.10.1", - "stylelint-config-standard": "^18.2.0", - "stylelint-config-styled-components": "^0.1.1", - "stylelint-custom-processor-loader": "^0.6.0", - "stylelint-processor-styled-components": "^1.5.2", - "stylelint-webpack-plugin": "^0.10.5", - "trezor-translations-manager": "^1.0.5", - "webpack-cli": "^3.2.3", - "webpack-dev-server": "^3.1.14" - }, - "optionalDependencies": { - "fsevents": "1.2.7" - } + "name": "trezor-wallet", + "version": "1.3.2-beta", + "author": "TREZOR ", + "description": "", + "bin": { + "flow": "./node_modules/flow-bin" + }, + "license": "SEE LICENSE IN LICENSE.md", + "scripts": { + "dev": "yarn && npx webpack-dev-server --config webpack/dev.babel.js", + "dev:local": "yarn && npx webpack-dev-server --config webpack/local.babel.js", + "build": "rimraf build && run-s build:*", + "build:stable": "rimraf build/stable && npx webpack --config webpack/production.babel.js --output-path build/stable --progress --bail", + "build:beta": "rimraf build/beta && cross-env BUILD=beta npx webpack --config webpack/production.babel.js --output-path build/beta --progress --bail", + "build:dev": "rimraf build.dev && cross-env BUILD=development npx webpack --config webpack/production.babel.js --output-path build/dev --progress --bail", + "translations:extract": "rimraf translations/extractedMessages && cross-env NODE_ENV=translations babel src && yarn ttm merge-msgs && yarn ttm build-csv", + "translations:upload": "yarn translations:extract && yarn ttm upload", + "translations:download": "yarn ttm build-translations && sleep 1 && yarn ttm export-translations", + "flow": "flow check src", + "lint": "run-s lint:*", + "lint:js": "npx eslint .", + "lint:css": "npx stylelint './src/**/*.js'", + "lint-fix": "npx eslint ./src ./webpack --fix", + "test": "run-s test:*", + "test:unit": "npx jest", + "test-unit:watch": "npx jest -o --watch", + "test-integration:dev": "npx cypress open -c baseUrl=http://localhost:8081/#/", + "test-integration:test": "npx cypress run", + "test-integration:gitlab": "npx cypress run -c baseUrl=https://localhost:8080/#/ --browser chromium", + "server:beta": "node ./server/index.js --buildType=beta", + "server:stable": "node ./server/index.js --buildType=stable", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "dependencies": { + "@babel/polyfill": "^7.2.5", + "@hot-loader/react-dom": "16.8.6", + "bignumber.js": "8.0.2", + "color-hash": "^1.0.3", + "commander": "^2.19.0", + "connected-react-router": "6.4.0", + "copy-to-clipboard": "^3.0.8", + "copy-webpack-plugin": "^4.6.0", + "cross-env": "^5.2.0", + "date-fns": "^1.30.1", + "ethereumjs-tx": "^1.3.7", + "ethereumjs-units": "^0.2.0", + "ethereumjs-util": "^6.0.0", + "express": "^4.16.4", + "git-revision-webpack-plugin": "^3.0.3", + "hdkey": "^1.1.0", + "history": "^4.7.2", + "html-webpack-plugin": "^3.2.0", + "jest-fetch-mock": "^2.1.0", + "morgan": "^1.9.1", + "npm-run-all": "^4.1.5", + "prop-types": "^15.6.2", + "raf": "^3.4.1", + "raven-js": "^3.27.0", + "rc-tooltip": "^3.7.3", + "react": "16.8.6", + "react-dom": "16.8.6", + "react-hot-loader": "^4.8.4", + "react-intl": "^2.8.0", + "react-json-view": "^1.19.1", + "react-qr-reader": "^2.1.2", + "react-qr-svg": "^2.1.0", + "react-redux": "^6.0.0", + "react-router": "^5.0.0", + "react-router-dom": "^5.0.0", + "react-scale-text": "^1.2.2", + "react-select": "^2.3.0", + "react-textarea-autosize": "^7.1.0", + "react-transition-group": "^2.5.3", + "react-window": "^1.7.1", + "redbox-react": "^1.6.0", + "redux": "4.0.1", + "redux-logger": "^3.0.6", + "redux-raven-middleware": "^1.2.0", + "redux-thunk": "^2.3.0", + "rimraf": "^2.6.3", + "styled-components": "^4.1.3", + "styled-normalize": "^8.0.6", + "trezor-bridge-communicator": "1.0.2", + "trezor-connect": "7.0.2", + "trezor-ui-components": "^1.0.0-beta.20", + "wallet-address-validator": "^0.2.4", + "web3": "1.0.0-beta.35", + "webpack": "^4.29.3", + "webpack-build-notifier": "^0.1.30", + "webpack-bundle-analyzer": "^3.3.2", + "whatwg-fetch": "^3.0.0", + "yarn-run-all": "^3.1.1", + "snyk": "^1.217.1" + }, + "devDependencies": { + "@babel/cli": "^7.2.3", + "@babel/core": "^7.2.2", + "@babel/plugin-proposal-class-properties": "^7.3.0", + "@babel/plugin-proposal-object-rest-spread": "^7.3.2", + "@babel/plugin-transform-flow-strip-types": "^7.2.3", + "@babel/plugin-transform-runtime": "^7.2.0", + "@babel/preset-env": "^7.3.1", + "@babel/preset-flow": "^7.0.0", + "@babel/preset-react": "^7.0.0", + "@babel/register": "^7.0.0", + "babel-eslint": "^10.0.1", + "babel-jest": "^24.1.0", + "babel-loader": "^8.0.5", + "babel-plugin-module-resolver": "^3.1.3", + "babel-plugin-react-intl": "^3.0.1", + "babel-plugin-styled-components": "^1.10.0", + "cypress": "^3.1.5", + "cypress-image-snapshot": "^3.0.0", + "eslint": "^5.13.0", + "eslint-config-airbnb": "^17.1.0", + "eslint-config-prettier": "^4.0.0", + "eslint-import-resolver-babel-module": "^5.0.1", + "eslint-loader": "^2.1.2", + "eslint-plugin-chai-friendly": "^0.4.1", + "eslint-plugin-cypress": "^2.2.0", + "eslint-plugin-flowtype": "^3.2.1", + "eslint-plugin-import": "^2.16.0", + "eslint-plugin-jest": "^22.2.2", + "eslint-plugin-jsx-a11y": "^6.2.1", + "eslint-plugin-prettier": "^3.0.1", + "eslint-plugin-react": "^7.12.4", + "file-loader": "3.0.1", + "flow-bin": "0.90", + "jest": "^24.1.0", + "prettier": "^1.16.4", + "prettier-eslint": "^8.8.2", + "prettylint": "^1.0.0", + "stylelint": "^9.10.1", + "stylelint-config-standard": "^18.2.0", + "stylelint-config-styled-components": "^0.1.1", + "stylelint-custom-processor-loader": "^0.6.0", + "stylelint-processor-styled-components": "^1.5.2", + "stylelint-webpack-plugin": "^0.10.5", + "trezor-translations-manager": "^1.0.5", + "webpack-cli": "^3.2.3", + "webpack-dev-server": "^3.1.14" + }, + "optionalDependencies": { + "fsevents": "1.2.7" + }, + "snyk": true }