From 55f75aa244b30ce1386a123f26ce10416bfc6012 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 27 Apr 2023 23:07:05 +0000
Subject: [PATCH] fix: deps/v8/tools/clusterfuzz/js_fuzzer/package.json & deps/v8/tools/clusterfuzz/js_fuzzer/.snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOCHA-2863123
- https://snyk.io/vuln/SNYK-JS-MOCHA-561476
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:diff:20180305
- https://snyk.io/vuln/npm:growl:20160721
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/npm:debug:20170905
---
 deps/v8/tools/clusterfuzz/js_fuzzer/.snyk | 25 +++++++++++++++++++
 .../tools/clusterfuzz/js_fuzzer/package.json | 14 +++++++----
 2 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 deps/v8/tools/clusterfuzz/js_fuzzer/.snyk
diff --git a/deps/v8/tools/clusterfuzz/js_fuzzer/.snyk b/deps/v8/tools/clusterfuzz/js_fuzzer/.snyk
new file mode 100644
index 00000000000000..244c6bd36ea88c
--- /dev/null
+++ b/deps/v8/tools/clusterfuzz/js_fuzzer/.snyk
@@ -0,0 +1,25 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - pkg > globby > fast-glob > micromatch > snapdragon > debug:
+ patched: '2023-04-27T23:07:00.433Z'
+ - pkg > globby > fast-glob > micromatch > braces > snapdragon > debug:
+ patched: '2023-04-27T23:07:00.433Z'
+ - pkg > globby > fast-glob > micromatch > extglob > snapdragon > debug:
+ patched: '2023-04-27T23:07:00.433Z'
+ - pkg > globby > fast-glob > micromatch > nanomatch > snapdragon > debug:
+ patched: '2023-04-27T23:07:00.433Z'
+ - pkg > globby > fast-glob > micromatch > extglob > expand-brackets > debug:
+ patched: '2023-04-27T23:07:00.433Z'
+ - pkg > globby > fast-glob > micromatch > extglob > expand-brackets > snapdragon > debug:
+ patched: '2023-04-27T23:07:00.433Z'
+ SNYK-JS-LODASH-567746:
+ - eslint > lodash:
+ patched: '2023-04-27T23:07:00.433Z'
+ - eslint > inquirer > lodash:
+ patched: '2023-04-27T23:07:00.433Z'
+ - eslint > table > lodash:
+ patched: '2023-04-27T23:07:00.433Z'
diff --git a/deps/v8/tools/clusterfuzz/js_fuzzer/package.json b/deps/v8/tools/clusterfuzz/js_fuzzer/package.json
index 5a7796e6777485..466b5b3dc47d04 100644
--- a/deps/v8/tools/clusterfuzz/js_fuzzer/package.json
+++ b/deps/v8/tools/clusterfuzz/js_fuzzer/package.json
@@ -4,7 +4,9 @@
 "description": "",
 "main": "run.js",
 "scripts": {
- "test": "APP_NAME=d8 mocha"
+ "test": "APP_NAME=d8 mocha",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "bin": "run.js",
 "author": "ochang@google.com",
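Review bot: The `prepublish` hook added to `scripts` is the only thing that applies the `patch:` entries from the new `.snyk` file. Any install that skips lifecycle scripts, such as one run with `--ignore-scripts`, therefore leaves unpatched the lodash and debug issues that the description lists as fixed with a Snyk patch. `prepublish` is also deprecated in npm and its trigger has changed between npm versions; `prepare` is the documented replacement, e.g. `"prepare": "npm run snyk-protect"`. Since the hook is expected to modify files under `node_modules` at install time, the description should say which install paths are relied on to run it, so that the "fixed" claim can be checked.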
@@ -18,16 +20,18 @@
 "commander": "^2.11.0",
 "globals": "^10.1.0",
 "tempfile": "^3.0.0",
- "tempy": "^0.5.0"
+ "tempy": "^0.5.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "eslint": "^6.8.0",
- "mocha": "^3.5.3",
- "pkg": "^4.3.4",
+ "mocha": "^10.1.0",
+ "pkg": "^4.4.1",
 "prettier": "2.0.5",
 "sinon": "^4.0.0"
 },
 "pkg": {
 "assets": "resources/**/*"
- }
+ },
+ "snyk": true
 }
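Review bot: `"@snyk/protect": "latest"` in `dependencies` is a floating tag on a package whose binary is invoked from the lifecycle script added in the `scripts` hunk. Whatever version is published at install time gets executed, and the install is not reproducible or reviewable. Pin it to a version that has been reviewed, `"@snyk/protect": "<pinned-version>"`, and rely on the lockfile, if one exists, to fix its integrity hash. The `mocha` range also moves from `^3.5.3` to `^10.1.0`, several major versions in one step, so the `APP_NAME=d8 mocha` test script should be run before merging; whether the existing tests need changes is not visible from this hunk. The `dependencies` object opens above the hunk.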