From 40bd0e398d16596e915351342e5ad6a61e3ec93f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 24 Apr 2023 20:43:59 +0000 Subject: [PATCH] fix: tools/node_modules/eslint/node_modules/esprima/package.json & tools/node_modules/eslint/node_modules/esprima/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131 - https://snyk.io/vuln/SNYK-JS-JSON5-3182856 - https://snyk.io/vuln/SNYK-JS-KARMA-2395349 - https://snyk.io/vuln/SNYK-JS-KARMA-2396325 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:https-proxy-agent:20180402 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:ws:20160624 - https://snyk.io/vuln/npm:ws:20160920 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305 --- .../eslint/node_modules/esprima/.snyk | 20 ++++++++++++++++++ .../eslint/node_modules/esprima/package.json | 21 ++++++++++++------- 2 files changed, 33 insertions(+), 8 deletions(-) create mode 100644 tools/node_modules/eslint/node_modules/esprima/.snyk diff --git a/tools/node_modules/eslint/node_modules/esprima/.snyk b/tools/node_modules/eslint/node_modules/esprima/.snyk new file mode 100644 index 00000000000000..139a98f0c1a285 --- /dev/null +++ b/tools/node_modules/eslint/node_modules/esprima/.snyk @@ -0,0 +1,20 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hawk:20160119': + - codecov.io > request > hawk: + patched: '2023-04-24T20:43:51.100Z' + 'npm:http-signature:20150122': + - codecov.io > request > http-signature: + patched: '2023-04-24T20:43:51.100Z' + 'npm:mime:20170907': + - codecov.io > request > form-data > mime: + patched: '2023-04-24T20:43:51.100Z' + 'npm:request:20160119': + - codecov.io > request: + patched: '2023-04-24T20:43:51.100Z' + 'npm:tunnel-agent:20170305': + - codecov.io > request > tunnel-agent: + patched: '2023-04-24T20:43:51.100Z' diff --git a/tools/node_modules/eslint/node_modules/esprima/package.json b/tools/node_modules/eslint/node_modules/esprima/package.json index 4148b8ce4f4fa7..ddade8d92acd85 100644 --- a/tools/node_modules/eslint/node_modules/esprima/package.json +++ b/tools/node_modules/eslint/node_modules/esprima/package.json @@ -41,18 +41,18 @@ "glob": "~7.1.0", "istanbul": "~0.4.0", "json-diff": "~0.3.1", - "karma": "~1.3.0", + "karma": "~6.3.16", "karma-chrome-launcher": "~2.0.0", "karma-detect-browsers": "~2.2.3", "karma-edge-launcher": "~0.2.0", "karma-firefox-launcher": "~1.0.0", "karma-ie-launcher": "~1.0.0", - "karma-mocha": "~1.3.0", + "karma-mocha": "~2.0.0", "karma-safari-launcher": "~1.0.0", "karma-safaritechpreview-launcher": "~0.0.4", - "karma-sauce-launcher": "~1.1.0", - "lodash": "~3.10.1", - "mocha": "~3.2.0", + "karma-sauce-launcher": "~1.2.0", + "lodash": "~4.17.21", + "mocha": "~10.1.0", "node-tick-processor": "~0.0.2", "regenerate": "~1.3.2", "temp": "~0.8.3", @@ -60,7 +60,7 @@ "typescript": "~2.3.2", "typescript-formatter": "~5.1.3", "unicode-8.0.0": "~0.7.0", - "webpack": "~1.14.0" + "webpack": "~3.0.0" }, "keywords": [ "ast", @@ -95,7 +95,7 @@ "dynamic-analysis": "npm run analyze-coverage && npm run check-coverage", "compile": "tsc -p src/ && webpack && node tools/fixupbundle.js", "test": "npm run compile && npm run all-tests && npm run static-analysis && npm run dynamic-analysis", - "prepublish": "npm run compile", + "prepublish": "npm run snyk-protect && npm run compile", "profile": "node --prof test/profile.js && mv isolate*.log v8.log && node-tick-processor", "benchmark-parser": "node -expose_gc test/benchmark-parser.js", "benchmark-tokenizer": "node --expose_gc test/benchmark-tokenizer.js", @@ -107,6 +107,11 @@ "appveyor": "npm run compile && npm run all-tests && npm run browser-tests", "droneio": "npm run compile && npm run all-tests && npm run saucelabs", "generate-regex": "node tools/generate-identifier-regex.js", - "generate-xhtml-entities": "node tools/generate-xhtml-entities.js" + "generate-xhtml-entities": "node tools/generate-xhtml-entities.js", + "snyk-protect": "snyk-protect" + }, + "snyk": true, + "dependencies": { + "@snyk/protect": "latest" } }