From 42274f808d08e6a2d7a66e2afe489e4ae6d594f9 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 8 Apr 2022 16:05:46 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 --- package.json | 2 +- yarn.lock | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index aec9bb43..cc7bcba4 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ }, "dependencies": { "optimist": "~0.6", - "uglify-js": "2.6.0" + "uglify-js": "2.8.6" }, "devDependencies": { "@commitlint/cli": "^7.0.0", diff --git a/yarn.lock b/yarn.lock index 65c98a93..a3340255 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7698,6 +7698,15 @@ uglify-js@2.6.0: uglify-to-browserify "~1.0.0" yargs "~3.10.0" +uglify-js@2.8.6: + version "2.8.6" + resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-2.8.6.tgz#1eda564ce4fe4ddb82db834f78525fdeb76b4b99" + integrity sha1-HtpWTOT+TduC24NPeFJf3rdrS5k= + dependencies: + source-map "~0.5.1" + uglify-to-browserify "~1.0.0" + yargs "~3.10.0" + uglify-js@^2.6: version "2.8.29" resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-2.8.29.tgz#29c5733148057bb4e1f75df35b7a9cb72e6a59dd"