From d2461ff9aa373fde34eedb3aaa3a3f3b8de170b6 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 3 Sep 2021 22:24:44 +0000 Subject: [PATCH] fix: elasticsearch/build/package.json & elasticsearch/build/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620 --- elasticsearch/build/.snyk | 10 ++++++++++ elasticsearch/build/package.json | 10 +++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 elasticsearch/build/.snyk diff --git a/elasticsearch/build/.snyk b/elasticsearch/build/.snyk new file mode 100644 index 000000000000..ba43652e2208 --- /dev/null +++ b/elasticsearch/build/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.21.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:minimatch:20160620': + - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch: + patched: '2021-09-03T22:24:42.842Z' + - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch: + patched: '2021-09-03T22:24:42.842Z' diff --git a/elasticsearch/build/package.json b/elasticsearch/build/package.json index 9778433430f1..1071348c9ee5 100644 --- a/elasticsearch/build/package.json +++ b/elasticsearch/build/package.json @@ -7,12 +7,16 @@ "gulp": "^3.9.0", "gulp-util": "^3.0.6", "lodash": "^3.10.1", - "yamljs": "^0.2.4" + "yamljs": "^0.2.4", + "@snyk/protect": "latest" }, "devDependencies": {}, "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" + "test": "echo \"Error: no test specified\" && exit 1", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "author": "Trent Swanson", - "license": "MIT" + "license": "MIT", + "snyk": true }