fix: scss/package.json, scss/yarn.lock & scss/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
2022-03-26 02:38:02 +00:00 · 2022-03-26 02:38:02 +00:00 · 41aad31aeb
parent 4bcb558d5e
commit 41aad31aeb
3 changed files with 22 additions and 3 deletions
--- a/scss/.snyk
+++ b/scss/.snyk
@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - node-sass > sass-graph > lodash:
+        patched: '2022-03-26T02:37:54.209Z'
+    - node-sass > gaze > globule > lodash:
+        patched: '2022-03-26T02:37:54.209Z'
--- a/scss/package.json
+++ b/scss/package.json
@ -7,9 +7,13 @@
  "dependencies": {
    "@fortawesome/fontawesome-free": "^5.15.1",
    "bootstrap": "^4.5.3",
-    "node-sass": "^7.0.1"
+    "node-sass": "^7.0.1",
+    "@snyk/protect": "latest"
  },
  "scripts": {
-    "build": "node-sass --importer=./importer --output css"
-  }
+    "build": "node-sass --importer=./importer --output css",
+    "prepare": "yarn run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }
--- a/scss/yarn.lock
+++ b/scss/yarn.lock
@ -49,6 +49,11 @@
    mkdirp "^1.0.4"
    rimraf "^3.0.2"

+"@snyk/protect@^1.883.0":
+  version "1.883.0"
+  resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.883.0.tgz#048015d4e0f1c18b6abc7e2773b6374b620bd399"
+  integrity sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==
+
 "@tootallnate/once@1":
  version "1.1.2"
  resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82"