diff --git a/.snyk b/.snyk new file mode 100644 index 000000000000..378de0bfcaa8 --- /dev/null +++ b/.snyk @@ -0,0 +1,24 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - babel-eslint > @babel/traverse > @babel/helper-function-name > @babel/types > lodash: + patched: '2025-07-21T04:23:48.443Z' + id: SNYK-JS-LODASH-567746 + path: >- + babel-eslint > @babel/traverse > @babel/helper-function-name > + @babel/types > lodash + - jest > @jest/core > jest-config > jest-jasmine2 > @babel/traverse > @babel/helper-function-name > @babel/types > lodash: + patched: '2025-07-21T04:23:48.443Z' + id: SNYK-JS-LODASH-567746 + path: >- + jest > @jest/core > jest-config > jest-jasmine2 > @babel/traverse > + @babel/helper-function-name > @babel/types > lodash + - jest > @jest/core > jest-config > babel-jest > @types/babel__core > @types/babel__traverse > @babel/types > lodash: + patched: '2025-07-21T04:23:48.443Z' + id: SNYK-JS-LODASH-567746 + path: >- + jest > @jest/core > jest-config > babel-jest > @types/babel__core > + @types/babel__traverse > @babel/types > lodash diff --git a/package.json b/package.json index bbc0fa04e0bb..8bbc236d10bb 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "change-case": "^3.1.0", "cheerio": "^1.0.0-rc.3", "clipboard": "^2.0.6", - "compression": "^1.7.4", + "compression": "^1.8.1", "connect-slashes": "^1.4.0", "cookie-parser": "^1.4.5", "copy-webpack-plugin": "^6.0.3", @@ -54,14 +54,14 @@ "lodash": "^4.17.21", "mini-css-extract-plugin": "^0.9.0", "mkdirp": "^1.0.3", - "morgan": "^1.9.1", + "morgan": "^1.10.1", "node-fetch": "^2.6.1", "platform-utils": "^1.2.0", "port-used": "^2.0.8", "querystring": "^0.2.0", "readline-sync": "^1.4.10", - "resolve-url-loader": "^3.1.2", - "rimraf": "^3.0.0", + "resolve-url-loader": "^5.0.0", + "rimraf": "^4.3.1", "sass": "^1.26.3", "sass-loader": "^9.0.2", "search-with-your-keyboard": "1.1.0", @@ -71,7 +71,8 @@ "uuid": "^8.3.0", "walk-sync": "^1.1.4", "webpack": "^5.0.0", - "webpack-cli": "^3.3.12" + "webpack-cli": "^3.3.12", + "@snyk/protect": "latest" }, "devDependencies": { "ajv": "^6.11.0", @@ -96,10 +97,10 @@ "husky": "^4.2.1", "image-size": "^0.7.4", "japanese-characters": "^1.1.0", - "jest": "^26.0.1", + "jest": "^30.0.0", "jest-expect-message": "^1.0.2", "jest-github-actions-reporter": "^1.0.2", - "jest-puppeteer": "^4.4.0", + "jest-puppeteer": "^5.0.0", "jest-silent-reporter": "^0.2.1", "jest-slow-test-reporter": "^1.0.0", "make-promises-safe": "^5.1.0", @@ -115,10 +116,10 @@ "revalidator": "^0.3.1", "robots-parser": "^2.1.1", "standard": "^14.3.1", - "start-server-and-test": "^1.11.3", - "supertest": "^4.0.2", + "start-server-and-test": "^2.0.3", + "supertest": "^7.1.3", "webpack-dev-middleware": "^3.7.2", - "website-scraper": "^4.2.0" + "website-scraper": "^5.0.0" }, "scripts": { "start": "cross-env NODE_ENV=development ENABLED_LANGUAGES='en,ja' nodemon server.js", @@ -139,7 +140,9 @@ "check-deps": "node script/check-deps.js", "prevent-pushes-to-main": "node script/prevent-pushes-to-main.js", "pa11y-ci": "pa11y-ci", - "pa11y-test": "start-server-and-test browser-test-server 4001 pa11y-ci" + "pa11y-test": "start-server-and-test browser-test-server 4001 pa11y-ci", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "engines": { "node": "12 - 14" @@ -157,5 +160,6 @@ "pre-commit": "node script/prevent-translation-commits.js", "pre-push": "npm run prevent-pushes-to-main" } - } + }, + "snyk": true }