fix: ui/package.json, ui/yarn.lock & ui/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
4 years ago · 0eb77dc453
parent 17b38cbf4e
commit 0eb77dc453
3 changed files with 2292 additions and 79 deletions
--- a/ui/.snyk
+++ b/ui/.snyk
@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.16.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - react-resize-detector > lodash:
+        patched: '2020-07-17T09:00:07.281Z'
--- a/ui/package.json
+++ b/ui/package.json
@ -106,12 +106,15 @@
    "timeago-react": "^3.0.0",
    "timeago.js": "^4.0.2",
    "uuid": "^8.2.0",
-    "vj-simplemde": "0.0.8"
+    "vj-simplemde": "0.0.8",
+    "snyk": "^1.362.1"
  },
  "scripts": {
    "build": "node build",
    "build:production": "node build --production",
-    "lint": "eslint components constant pages utils --fix"
+    "lint": "eslint components constant pages utils --fix",
+    "snyk-protect": "snyk protect",
+    "prepare": "yarn run snyk-protect"
  },
  "babel": {
    "plugins": [
@ -206,5 +209,6 @@
      ],
      "@babel/preset-react"
    ]
-  }
+  },
+  "snyk": true
 }
--- a/ui/yarn.lock
+++ b/ui/yarn.lock