From 8f879888cf0625738bc526980b2838b9c97790fd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 30 Sep 2022 00:19:10 +0000 Subject: [PATCH] fix: airbyte-webapp/package.json, airbyte-webapp/package-lock.json & airbyte-webapp/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780 - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786 - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526 - https://snyk.io/vuln/SNYK-JS-YUP-2420835 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- airbyte-webapp/.snyk | 34 +++++++ airbyte-webapp/package-lock.json | 161 ++++++++++++++----------------- airbyte-webapp/package.json | 12 ++- 3 files changed, 116 insertions(+), 91 deletions(-) create mode 100644 airbyte-webapp/.snyk diff --git a/airbyte-webapp/.snyk b/airbyte-webapp/.snyk new file mode 100644 index 0000000000000..f20e831439636 --- /dev/null +++ b/airbyte-webapp/.snyk @@ -0,0 +1,34 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - formik > lodash: + patched: '2022-09-30T00:18:40.561Z' + - react-checkbox-tree > lodash: + patched: '2022-09-30T00:18:40.561Z' + - yup > lodash: + patched: '2022-09-30T00:18:40.561Z' + - styled-components > @babel/traverse > lodash: + patched: '2022-09-30T00:18:40.561Z' + - styled-components > babel-plugin-styled-components > lodash: + patched: '2022-09-30T00:18:40.561Z' + - styled-components > @babel/traverse > @babel/types > lodash: + patched: '2022-09-30T00:18:40.561Z' + - rest-hooks > @rest-hooks/core > flux-standard-action > lodash: + patched: '2022-09-30T00:18:40.561Z' + - styled-components > babel-plugin-styled-components > @babel/helper-annotate-as-pure > @babel/types > lodash: + patched: '2022-09-30T00:18:40.561Z' + - styled-components > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: + patched: '2022-09-30T00:18:40.561Z' + - styled-components > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash: + patched: '2022-09-30T00:18:40.561Z' + - '@papercups-io/chat-widget > theme-ui > @theme-ui/mdx > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2022-09-30T00:18:40.561Z' + - '@papercups-io/chat-widget > theme-ui > @theme-ui/theme-provider > @theme-ui/mdx > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2022-09-30T00:18:40.561Z' + - '@papercups-io/chat-widget > theme-ui > @theme-ui/theme-provider > @theme-ui/mdx > @emotion/core > @emotion/css > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2022-09-30T00:18:40.561Z' + - '@papercups-io/chat-widget > theme-ui > @theme-ui/theme-provider > @theme-ui/color-modes > @theme-ui/core > @emotion/core > @emotion/css > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2022-09-30T00:18:40.561Z' diff --git a/airbyte-webapp/package-lock.json b/airbyte-webapp/package-lock.json index ba7aba6fbe9f6..39ce19190b306 100644 --- a/airbyte-webapp/package-lock.json +++ b/airbyte-webapp/package-lock.json @@ -4015,6 +4015,11 @@ "@sinonjs/commons": "^1.7.0" } }, + "@snyk/protect": { + "version": "1.1017.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1017.0.tgz", + "integrity": "sha512-6WHVyRUBba7Q/e6BAbn3+J3SSvBQU0Ps9YItg9Z/B7w91JusSCq6P4KTNt66AZxHwQ1X2iUbIWrkNEIpKuXePQ==" + }, "@styled-system/background": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/@styled-system/background/-/background-5.1.2.tgz", @@ -7286,7 +7291,8 @@ "colorette": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.1.tgz", - "integrity": "sha512-puCDz0CzydiSYOrnXpz/PKd69zRrribezjtE9yd4zvytoRc8+RY/KJPvtPFKZS3E3wP6neGyMe0vOTlHO5L3Pw==" + "integrity": "sha512-puCDz0CzydiSYOrnXpz/PKd69zRrribezjtE9yd4zvytoRc8+RY/KJPvtPFKZS3E3wP6neGyMe0vOTlHO5L3Pw==", + "dev": true }, "combined-stream": { "version": "1.0.8", @@ -10420,11 +10426,6 @@ "lodash": "^4.17.15" } }, - "fn-name": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/fn-name/-/fn-name-3.0.0.tgz", - "integrity": "sha512-eNMNr5exLoavuAMhIUVsOKF79SWd/zG104ef6sxBTSw+cZc6BXdQXDvYcGvp0VbxVVSp1XDUNoz7mg1xMtSznA==" - }, "follow-redirects": { "version": "1.13.2", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.2.tgz", @@ -12089,7 +12090,8 @@ "isarray": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=" + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true }, "isexe": { "version": "2.0.0", @@ -15164,7 +15166,8 @@ "klona": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/klona/-/klona-2.0.4.tgz", - "integrity": "sha512-ZRbnvdg/NxqzC7L9Uyqzf4psi1OM4Cuc+sJAkQPjO6XkQIJTNbfK2Rsmbw8fx1p2mkZdp2FZYo2+LwXYY/uwIA==" + "integrity": "sha512-ZRbnvdg/NxqzC7L9Uyqzf4psi1OM4Cuc+sJAkQPjO6XkQIJTNbfK2Rsmbw8fx1p2mkZdp2FZYo2+LwXYY/uwIA==", + "dev": true }, "language-subtag-registry": { "version": "0.3.21", @@ -15207,25 +15210,6 @@ "type-check": "~0.4.0" } }, - "line-column": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/line-column/-/line-column-1.0.2.tgz", - "integrity": "sha1-0lryk2tvSEkXKzEuR5LR2Ye8NKI=", - "requires": { - "isarray": "^1.0.0", - "isobject": "^2.0.0" - }, - "dependencies": { - "isobject": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz", - "integrity": "sha1-8GVWEJaj8dou9GJy+BXIQNh+DIk=", - "requires": { - "isarray": "1.0.0" - } - } - } - }, "lines-and-columns": { "version": "1.1.6", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.1.6.tgz", @@ -16775,7 +16759,7 @@ "parse-srcset": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/parse-srcset/-/parse-srcset-1.0.2.tgz", - "integrity": "sha1-8r0iH2zJcKk42IVWq8WJyqqiveE=" + "integrity": "sha512-/2qh0lav6CmI15FzA3i/2Bzk2zCgQhGMkvhOhKNcBVQ1ldgpbfiNTVslmooUmWJcADi1f1kIeynbDRVzNlfR6Q==" }, "parse5": { "version": "5.1.1", @@ -16897,6 +16881,11 @@ "resolved": "https://registry.npmjs.org/phoenix/-/phoenix-1.5.7.tgz", "integrity": "sha512-RgVdTRsK5NpnUPkjPyLg9P8qQQvuDaUsazH06t+ARu9EnPryQ7asE76VDjVZ43fqjY/p8er6y6OQb17YViG47g==" }, + "picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==" + }, "picomatch": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz", @@ -18311,9 +18300,9 @@ } }, "property-expr": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/property-expr/-/property-expr-2.0.2.tgz", - "integrity": "sha512-bc/5ggaYZxNkFKj374aLbEDqVADdYaLcFo8XBkishUWbaAdjlphaBFns9TvRA2pUseVL/wMFmui9X3IdNDU37g==" + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/property-expr/-/property-expr-2.0.5.tgz", + "integrity": "sha512-IJUkICM5dP5znhCckHSv30Q4b5/JA5enCtkRHYaOVOAocnH/1BQEYTC5NMfT3AVl/iXKdr3aqQbQn9DxyWknwA==" }, "proxy-addr": { "version": "2.0.6", @@ -19999,17 +19988,16 @@ } }, "sanitize-html": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.1.2.tgz", - "integrity": "sha512-i/h+fJal+609o6GlWFpQmAL7E5ZL4rrb0QwbDKQue2uift+4WKMe/HViRGawP4Q/UgswdDKxMqjDRrKPtCpBMg==", + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.7.1.tgz", + "integrity": "sha512-oOpe8l4J8CaBk++2haoN5yNI5beekjuHv3JRPKUx/7h40Rdr85pemn4NkvUB3TcBP7yjat574sPlcMAyv4UQig==", "requires": { "deepmerge": "^4.2.2", "escape-string-regexp": "^4.0.0", - "htmlparser2": "^4.1.0", + "htmlparser2": "^6.0.0", "is-plain-object": "^5.0.0", - "klona": "^2.0.3", "parse-srcset": "^1.0.2", - "postcss": "^8.0.2" + "postcss": "^8.3.11" }, "dependencies": { "deepmerge": { @@ -20018,36 +20006,36 @@ "integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==" }, "dom-serializer": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.1.0.tgz", - "integrity": "sha512-ox7bvGXt2n+uLWtCRLybYx60IrOlWL/aCebWJk1T0d4m3y2tzf4U3ij9wBMUb6YJZpz06HCCYuyCDveE2xXmzQ==", + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==", "requires": { "domelementtype": "^2.0.1", - "domhandler": "^3.0.0", + "domhandler": "^4.2.0", "entities": "^2.0.0" } }, "domelementtype": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.0.2.tgz", - "integrity": "sha512-wFwTwCVebUrMgGeAwRL/NhZtHAUyT9n9yg4IMDwf10+6iCMxSkVq9MGCVEH+QZWo1nNidy8kNvwmv4zWHDTqvA==" + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==" }, "domhandler": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-3.3.0.tgz", - "integrity": "sha512-J1C5rIANUbuYK+FuFL98650rihynUOEzRLxW+90bKZRWB6A1X1Tf82GxR1qAWLyfNPRvjqfip3Q5tdYlmAa9lA==", + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==", "requires": { - "domelementtype": "^2.0.1" + "domelementtype": "^2.2.0" } }, "domutils": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.4.2.tgz", - "integrity": "sha512-NKbgaM8ZJOecTZsIzW5gSuplsX2IWW2mIK7xVr8hTQF2v1CJWTmLZ1HOCh5sH+IzVPAGE5IucooOkvwBRAdowA==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==", "requires": { "dom-serializer": "^1.0.1", - "domelementtype": "^2.0.1", - "domhandler": "^3.3.0" + "domelementtype": "^2.2.0", + "domhandler": "^4.2.0" } }, "escape-string-regexp": { @@ -20056,13 +20044,13 @@ "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==" }, "htmlparser2": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-4.1.0.tgz", - "integrity": "sha512-4zDq1a1zhE4gQso/c5LP1OtrhYTncXNSpvJYtWJBtXAETPlMfi3IFNjGuQbYLuVY4ZR0QMqRVvo4Pdy9KLyP8Q==", + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz", + "integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==", "requires": { "domelementtype": "^2.0.1", - "domhandler": "^3.0.0", - "domutils": "^2.0.0", + "domhandler": "^4.0.0", + "domutils": "^2.5.2", "entities": "^2.0.0" } }, @@ -20072,25 +20060,19 @@ "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==" }, "nanoid": { - "version": "3.1.16", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.16.tgz", - "integrity": "sha512-+AK8MN0WHji40lj8AEuwLOvLSbWYApQpre/aFJZD71r43wVRLrOYS4FmJOPQYon1TqB462RzrrxlfA74XRES8w==" + "version": "3.3.4", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", + "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==" }, "postcss": { - "version": "8.1.6", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.1.6.tgz", - "integrity": "sha512-JuifSl4h8dJ70SiMXKjzCxhalE6p2TnMHuq9G8ftyXj2jg6SXzqCsEuxMj9RkmJoO5D+Z9YrWunNkxqpRT02qg==", + "version": "8.4.16", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz", + "integrity": "sha512-ipHE1XBvKzm5xI7hiHCZJCSugxvsdq2mPnsq5+UF+VHCjiBvtDrlxJfMBToWaP9D5XlgNmcFGqoHmUn0EYEaRQ==", "requires": { - "colorette": "^1.2.1", - "line-column": "^1.0.2", - "nanoid": "^3.1.16", - "source-map": "^0.6.1" + "nanoid": "^3.3.4", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" } - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==" } } }, @@ -20729,6 +20711,11 @@ "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=" }, + "source-map-js": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz", + "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==" + }, "source-map-resolve": { "version": "0.5.3", "resolved": "https://registry.npmjs.org/source-map-resolve/-/source-map-resolve-0.5.3.tgz", @@ -21479,11 +21466,6 @@ "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", "dev": true }, - "synchronous-promise": { - "version": "2.0.13", - "resolved": "https://registry.npmjs.org/synchronous-promise/-/synchronous-promise-2.0.13.tgz", - "integrity": "sha512-R9N6uDkVsghHePKh1TEqbnLddO2IY25OcsksyFp/qBe7XYd0PVbKEWxhcdMhpLzE1I6skj5l4aEZ3CRxcbArlA==" - }, "table": { "version": "6.0.7", "resolved": "https://registry.npmjs.org/table/-/table-6.0.7.tgz", @@ -21906,7 +21888,7 @@ "toposort": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/toposort/-/toposort-2.0.2.tgz", - "integrity": "sha1-riF2gXXRVZ1IvvNUILL0li8JwzA=" + "integrity": "sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==" }, "tough-cookie": { "version": "3.0.1", @@ -24124,17 +24106,22 @@ "dev": true }, "yup": { - "version": "0.28.5", - "resolved": "https://registry.npmjs.org/yup/-/yup-0.28.5.tgz", - "integrity": "sha512-7JZcvpUGUxMKoaEtcoMEM8lCWRaueGNH/A3EhL/UWqfbFm3uloiI+x59Yq4nzhbbYWUTwAsCteaZOJ+VbqI1uw==", + "version": "0.30.0", + "resolved": "https://registry.npmjs.org/yup/-/yup-0.30.0.tgz", + "integrity": "sha512-GX3vqpC9E+Ow0fmQPgqbEg7UV40XRrN1IOEgKF5v04v6T4ha2vBas/hu0thWgewk8L4wUEBLRO/EnXwYyP+p+A==", "requires": { - "@babel/runtime": "^7.9.6", - "fn-name": "~3.0.0", - "lodash": "^4.17.15", + "@babel/runtime": "^7.10.5", + "lodash": "^4.17.20", "lodash-es": "^4.17.11", - "property-expr": "^2.0.2", - "synchronous-promise": "^2.0.10", + "property-expr": "^2.0.4", "toposort": "^2.0.2" + }, + "dependencies": { + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + } } } } diff --git a/airbyte-webapp/package.json b/airbyte-webapp/package.json index fc27144450511..2c9cbcd35ce10 100644 --- a/airbyte-webapp/package.json +++ b/airbyte-webapp/package.json @@ -7,7 +7,9 @@ "build": "react-scripts build", "test": "react-scripts test", "format": "prettier --write 'src/**/*.{ts,tsx}'", - "lint": "eslint --ext js,ts,tsx src" + "lint": "eslint --ext js,ts,tsx src", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "dependencies": { "@fortawesome/fontawesome-svg-core": "^1.2.27", @@ -39,9 +41,10 @@ "react-use": "^15.3.8", "react-widgets": "^4.5.0", "rest-hooks": "^5.0.3", - "sanitize-html": "^2.1.2", + "sanitize-html": "^2.7.1", "styled-components": "^5.1.1", - "yup": "^0.28.1" + "yup": "^0.30.0", + "@snyk/protect": "latest" }, "devDependencies": { "@testing-library/jest-dom": "^4.2.4", @@ -95,5 +98,6 @@ "last 1 firefox version", "last 1 safari version" ] - } + }, + "snyk": true }