fix: scss/package.json, scss/yarn.lock & scss/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
This commit is contained in:
snyk-bot 2022-03-26 02:38:02 +00:00
parent 4bcb558d5e
commit 41aad31aeb
No known key found for this signature in database
GPG Key ID: 09541BBFF0C4C795
3 changed files with 22 additions and 3 deletions

10
scss/.snyk Normal file
View File

@ -0,0 +1,10 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.22.1
ignore: {}
# patches apply the minimum changes required to fix a vulnerability
patch:
SNYK-JS-LODASH-567746:
- node-sass > sass-graph > lodash:
patched: '2022-03-26T02:37:54.209Z'
- node-sass > gaze > globule > lodash:
patched: '2022-03-26T02:37:54.209Z'

View File

@ -7,9 +7,13 @@
"dependencies": {
"@fortawesome/fontawesome-free": "^5.15.1",
"bootstrap": "^4.5.3",
"node-sass": "^7.0.1"
"node-sass": "^7.0.1",
"@snyk/protect": "latest"
},
"scripts": {
"build": "node-sass --importer=./importer --output css"
}
"build": "node-sass --importer=./importer --output css",
"prepare": "yarn run snyk-protect",
"snyk-protect": "snyk-protect"
},
"snyk": true
}

View File

@ -49,6 +49,11 @@
mkdirp "^1.0.4"
rimraf "^3.0.2"
"@snyk/protect@^1.883.0":
version "1.883.0"
resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.883.0.tgz#048015d4e0f1c18b6abc7e2773b6374b620bd399"
integrity sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==
"@tootallnate/once@1":
version "1.1.2"
resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82"