diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..345675b13
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - react-native > react-native-codegen > jscodeshift > @babel/core > @babel/traverse > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - react-native > react-native-codegen > jscodeshift > @babel/plugin-proposal-optional-chaining > @babel/helper-skip-transparent-expression-wrappers > @babel/types > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - react-native > react-native-codegen > jscodeshift > @babel/plugin-proposal-class-properties > @babel/helper-create-class-features-plugin > @babel/helper-replace-supers > @babel/traverse > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - react-native > react-native-codegen > jscodeshift > @babel/preset-typescript > @babel/plugin-transform-typescript > @babel/helper-create-class-features-plugin > @babel/helper-replace-supers > @babel/traverse > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - react-native > react-native-codegen > jscodeshift > @babel/preset-typescript > @babel/plugin-transform-typescript > @babel/helper-create-class-features-plugin > @babel/helper-replace-supers > @babel/traverse > @babel/types > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - react-native > react-native-codegen > jscodeshift > @babel/preset-typescript > @babel/plugin-transform-typescript > @babel/helper-create-class-features-plugin > @babel/helper-replace-supers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - react-native > react-native-codegen > jscodeshift > @babel/preset-typescript > @babel/plugin-transform-typescript > @babel/helper-create-class-features-plugin > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
+ - 
react-native-unimodules > expo-constants > @expo/config > @expo/babel-preset-cli > @babel/preset-env > @babel/plugin-transform-async-to-generator > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash:
+ patched: '2022-03-26T02:20:43.590Z'
diff --git a/package.json b/package.json
index 13010b069..db48f5fde 100644
--- a/package.json
+++ b/package.json
@@ -37,7 +37,9 @@
 "deploy-ios:production": "bundle exec fastlane ios build_and_deploy type:production | tee -a ./fastlane/logs/fastlane-deploy-ios-production-$(cat .env.production | grep APP_VERSION_NAME | cut -d'=' -f2)_$(cat .env.production | grep APP_VERSION_CODE | cut -d'=' -f2)-$(date +%Y%m%d-%H%M%S)-$(stat -f %Su /dev/console).log",
 "deploy-ios:diawi": "bundle exec fastlane ios adhoc env:diawi | tee -a ./fastlane/logs/fastlane-deploy-ios-diawi-$(cat .env.diawi | grep APP_VERSION_NAME | cut -d'=' -f2)_$(cat .env.diawi | grep APP_VERSION_CODE | cut -d'=' -f2)-$(date +%Y%m%d-%H%M%S)-$(stat -f %Su /dev/console).log",
 "deploy-android:diawi": "bundle exec fastlane android adhoc env:diawi | tee -a ./fastlane/logs/fastlane-deploy-android-diawi-$(cat .env.diawi | grep APP_VERSION_NAME | cut -d'=' -f2)_$(cat .env.diawi | grep APP_VERSION_CODE | cut -d'=' -f2)-$(date +%Y%m%d-%H%M%S)-$(stat -f %Su /dev/console).log",
- "deploy-ios:demo": "bundle exec fastlane ios build_and_deploy type:demo | tee -a ./fastlane/logs/fastlane-deploy-ios-demo--$(cat .env | grep APP_VERSION_NAME | cut -d'=' -f2)_$(cat .env | grep APP_VERSION_CODE | cut -d'=' -f2)$(date +%Y%m%d-%H%M%S)-$(stat -f %Su /dev/console).log"
+ "deploy-ios:demo": "bundle exec fastlane ios build_and_deploy type:demo | tee -a ./fastlane/logs/fastlane-deploy-ios-demo--$(cat .env | grep APP_VERSION_NAME | cut -d'=' -f2)_$(cat .env | grep APP_VERSION_CODE | cut -d'=' -f2)$(date +%Y%m%d-%H%M%S)-$(stat -f %Su /dev/console).log",
+ "prepare": "yarn run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "dependencies": {
 "@react-native-async-storage/async-storage": "^1.9.0",
@@ -83,7 +85,8 @@
 "semver": "^7.3.5",
 "tweetnacl": "^1.0.3",
 "url": "^0.11.0",
- "yarn": "^1.22.10"
+ "yarn": "^1.22.10",
+ "@snyk/protect": "latest"
 },
 "resolutions": {
 "**/@typescript-eslint/eslint-plugin": "4.19.0",
@@ -125,5 +128,6 @@
 "typescript": "^4.2.3",
 "wait-for-expect": "^3.0.2",
 "mockdate": "^3.0.5"
- }
+ },
+ "snyk": true
 }
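Review bot: The new `"prepare": "yarn run snyk-protect"` script makes the lodash fix for SNYK-JS-LODASH-567746 depend on a lifecycle hook: the vulnerable lodash is still what gets resolved and downloaded, and it is only patched in place under `node_modules` if the hook actually runs. An install with scripts disabled (for example `--ignore-scripts`), or a change in any of the dependency paths listed in `.snyk`, leaves the unpatched copy in place with no error. This package.json already carries a `resolutions` block (visible in the second hunk), so forcing a fixed lodash release there would likely be a more durable remediation than patching after install. If the patch approach is kept, a CI step such as `snyk test` that fails when the issue is still present would make a skipped patch visible.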
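Review bot: `"@snyk/protect": "latest"` in the second hunk is a floating dist-tag on a package that executes at install time through the `prepare` hook and rewrites files under `node_modules`, so whatever is published under that tag will run on developer and CI machines the next time the lockfile is refreshed. It also disagrees with the yarn.lock change in this same commit, whose new entry is keyed `@snyk/protect@^1.883.0`; yarn matches lockfile entries by the declared range, so a frozen-lockfile install would probably reject or rewrite it. Declare the range the lockfile records instead: `"@snyk/protect": "^1.883.0"`.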
diff --git a/yarn.lock b/yarn.lock index 1716ab467..cc59b9083 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3166,6 +3166,11 @@ dependencies: "@sinonjs/commons" "^1.7.0" +"@snyk/protect@^1.883.0": + version "1.883.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.883.0.tgz#048015d4e0f1c18b6abc7e2773b6374b620bd399" + integrity sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw== + "@svgr/babel-plugin-add-jsx-attribute@^4.2.0": version "4.2.0" resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-4.2.0.tgz#dadcb6218503532d6884b210e7f3c502caaa44b1"