diff --git a/test/fixtures/pkg-mean-io/.snyk b/test/fixtures/pkg-mean-io/.snyk new file mode 100644 index 0000000000..8949582dea --- /dev/null +++ b/test/fixtures/pkg-mean-io/.snyk @@ -0,0 +1,30 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - lodash: + patched: '2020-05-01T06:55:09.537Z' + - assetmanager > lodash: + patched: '2020-05-01T06:55:09.537Z' + - meanio > lodash: + patched: '2020-05-01T06:55:09.537Z' + - meanio > assetmanager > lodash: + patched: '2020-05-01T06:55:09.537Z' + - assetmanager > grunt > grunt-legacy-log > lodash: + patched: '2020-05-01T06:55:09.537Z' + - assetmanager > grunt > grunt-legacy-util > lodash: + patched: '2020-05-01T06:55:09.537Z' + - meanio > mongoose > async > lodash: + patched: '2020-05-01T06:55:09.537Z' + - assetmanager > grunt > grunt-legacy-log > grunt-legacy-log-utils > lodash: + patched: '2020-05-01T06:55:09.537Z' + - meanio > assetmanager > grunt > grunt-legacy-log > lodash: + patched: '2020-05-01T06:55:09.537Z' + - meanio > assetmanager > grunt > grunt-legacy-util > lodash: + patched: '2020-05-01T06:55:09.537Z' + - npm > request > form-data > async > lodash: + patched: '2020-05-01T06:55:09.537Z' + - meanio > assetmanager > grunt > grunt-legacy-log > grunt-legacy-log-utils > lodash: + patched: '2020-05-01T06:55:09.537Z' diff --git a/test/fixtures/pkg-mean-io/package.json b/test/fixtures/pkg-mean-io/package.json index 5f40c3ca25..9e8413a80c 100644 --- a/test/fixtures/pkg-mean-io/package.json +++ b/test/fixtures/pkg-mean-io/package.json @@ -42,7 +42,7 @@ "morgan": "latest", "ms": "latest", "nodemailer": "latest", - "npm": "^2.1.0", + "npm": "^6.13.4", "passport-facebook": "latest", "passport-github": "latest", "passport-google-oauth": "latest", @@ -55,7 +55,7 @@ "shelljs": "latest", "swig": "latest", "view-helpers": "latest", - "snyk": "*" + "snyk": "^1.316.1" }, "devDependencies": { "del": "latest",