From d80b59460547a4f3b5f8fcfb5d46945200686f63 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 16 Sep 2025 04:39:30 +0000
Subject: [PATCH 1/6] fix: test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package.json & test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
---
 .../project-with-issues/package-lock.json | 16 +++++++++-------
 .../project-with-issues/package.json | 2 +-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package-lock.json b/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package-lock.json
index b8c5f3248d..6c260ccf02 100644
--- a/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package-lock.json
+++ b/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package-lock.json
@@ -5,22 +5,24 @@
 "requires": true,
 "packages": {
 "": {
+ "name": "project-with-issues",
 "version": "1.0.0",
 "dependencies": {
- "lodash": "4.17.15"
+ "lodash": "^4.17.21"
 }
 },
 "node_modules/lodash": {
- "version": "4.17.15",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
- "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+ "license": "MIT"
 }
 },
 "dependencies": {
 "lodash": {
- "version": "4.17.15",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
- "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
 }
 }
 }
diff --git a/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package.json b/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package.json
index 0beb036541..9e908753d8 100644
--- a/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package.json
+++ b/test/fixtures/snyk-test-all-projects-exit-codes/project-with-issues-and-project-with-error/project-with-issues/package.json
@@ -7,6 +7,6 @@
 "test": "echo \"Error: no test specified\" && exit 1"
 },
 "dependencies": {
- "lodash": "4.17.15"
+ "lodash": "4.17.21"
 }
 }
From c1c7367deef8fce4a5bba31d64ac356ab7ddf4f6 Mon Sep 17 00:00:00 2001
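Review bot: The `package.json` hunk of patch 1 (`@@ -7,6 +7,6 @@`) pins `"lodash": "4.17.21"` exactly, while the lockfile hunk in the same patch records the root dependency as `"lodash": "^4.17.21"`, so manifest and lock now disagree on the specifier where they previously both said `4.17.15`. Regenerate the lock from the manifest so both carry the same form. Separately, the path `test/fixtures/snyk-test-all-projects-exit-codes/.../project-with-issues/` suggests this project is vulnerable on purpose so the exit-code tests have issues to report; if so, the upgrade removes what the test depends on. The same concern applies to the fixture and workspace edits in patches 2, 3, 4 and 6, so confirm against the tests and consider excluding fixture directories from automated fix PRs.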
From: snyk-bot
Date: Tue, 16 Sep 2025 05:11:17 +0000
Subject: [PATCH 2/6] fix: packages/snyk-fix/test/acceptance/plugins/python/handlers/pip-requirements/update-dependencies/workspaces/pip-app/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606966
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2606969
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-2940618
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-40027
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-40439
- https://snyk.io/vuln/SNYK-PYTHON-DJANGO-559326
---
 .../update-dependencies/workspaces/pip-app/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/snyk-fix/test/acceptance/plugins/python/handlers/pip-requirements/update-dependencies/workspaces/pip-app/requirements.txt b/packages/snyk-fix/test/acceptance/plugins/python/handlers/pip-requirements/update-dependencies/workspaces/pip-app/requirements.txt
index 44d5b49554..18490c156d 100644
--- a/packages/snyk-fix/test/acceptance/plugins/python/handlers/pip-requirements/update-dependencies/workspaces/pip-app/requirements.txt
+++ b/packages/snyk-fix/test/acceptance/plugins/python/handlers/pip-requirements/update-dependencies/workspaces/pip-app/requirements.txt
@@ -1,3 +1,3 @@
 -r base.txt
 -r base2.txt
-Django==1.6.1
+Django==3.2.14
From 56617ddcadc24544abd32ba04baced7dcd007933 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 16 Sep 2025 05:55:05 +0000
Subject: [PATCH 3/6] fix: test/acceptance/workspaces/yarn-v2/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
---
 test/acceptance/workspaces/yarn-v2/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
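Review bot: `Django==3.2.14` in patch 2 (`pip-app/requirements.txt`) pins an older patch release of the 3.2 series, which has been out of upstream security support since April 2024, so the pin clears the six listed advisories but leaves every later Django fix unapplied. If this file is meant to be non-vulnerable, pin a release line that is still supported; the jump from 1.6.1 is already a breaking one. The commit message says the fix is made "by pinning transitive dependencies", yet the hunk rewrites an existing direct pin, which suggests the dependency was misclassified by the tool that generated the patch.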
diff --git a/test/acceptance/workspaces/yarn-v2/package.json b/test/acceptance/workspaces/yarn-v2/package.json
index 6bc82f0940..b8cccfbfae 100644
--- a/test/acceptance/workspaces/yarn-v2/package.json
+++ b/test/acceptance/workspaces/yarn-v2/package.json
@@ -2,6 +2,6 @@
 "name": "yarn-v2",
 "version": "1.0.0",
 "dependencies": {
- "lodash": "4.17.0"
+ "lodash": "4.17.12"
 }
 }
From 6a1628b98774509c6f877d183e42ef3888efe3af Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 25 Apr 2026 05:24:35 +0000
Subject: [PATCH 4/6] fix: packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UUID-16133035
---
 .../package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json b/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json
index 712d6363dc..62c40cfe62 100644
--- a/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json
+++ b/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json
@@ -7,7 +7,7 @@
 "url": "https://github.com/Snyk/snyk-todo-list-demo-app/"
 },
 "dependencies": {
- "tap": "11.1.3"
+ "tap": "18.0.0"
 },
 "license": "Apache-2.0"
 }
From 66235a44dbc7a0d3b0624999449ffe5358704748 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 25 Apr 2026 05:24:42 +0000
Subject: [PATCH 5/6] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-UUID-16133035
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index e7a079681c..24660beb86 100644
--- a/package.json
+++ b/package.json
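Review bot: In patch 3 (`test/acceptance/workspaces/yarn-v2/package.json`), `"lodash": "4.17.12"` is still below the 4.17.21 that patch 1 of this series needed to clear SNYK-JS-LODASH-6139239, SNYK-JS-LODASH-608086 and SNYK-JS-LODASH-1040724 from 4.17.15, so this pin most likely remains flagged for those advisories. If the intent is a clean manifest, use `"lodash": "4.17.21"` here as well; if the workspace is meant to stay vulnerable for the yarn-v2 acceptance test, drop the change. The diffstat lists only `package.json`, so a yarn lockfile in that workspace, if one exists, would need regenerating too.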
@@ -132,7 +132,7 @@
 "snyk-swiftpm-plugin": "1.4.1",
 "strip-ansi": "^6.0.1",
 "tar": "^7.5.8",
- "uuid": "^8.3.2",
+ "uuid": "^14.0.0",
 "wrap-ansi": "^5.1.0"
 },
 "devDependencies": {
From ae41fd735b2838f24da615e770ffaa1310be3978 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 25 Apr 2026 14:27:18 +0000
Subject: [PATCH 6/6] fix: packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15032660
- https://snyk.io/vuln/SNYK-JS-TAR-15038581
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
- https://snyk.io/vuln/SNYK-JS-TAR-15307072
- https://snyk.io/vuln/SNYK-JS-TAR-15416075
- https://snyk.io/vuln/SNYK-JS-TAR-15456201
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
---
 .../package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json b/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json
index 62c40cfe62..c862540254 100644
--- a/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json
+++ b/packages/snyk-protect/test/fixtures/target-module-exists-but-no-patches-for-version/package.json
@@ -7,7 +7,7 @@
 "url": "https://github.com/Snyk/snyk-todo-list-demo-app/"
 },
 "dependencies": {
- "tap": "18.0.0"
+ "tap": "21.1.1"
 },
 "license": "Apache-2.0"
 }
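Review bot: The root `package.json` hunk of patch 5 (`@@ -132,7 +132,7 @@`) moves a runtime dependency from `"uuid": "^8.3.2"` to `"uuid": "^14.0.0"`, six major versions in one step, and the diffstat shows `package.json` as the only file changed, so no lockfile was regenerated with it. Until the lock is updated, installs that honour it may keep resolving the old version and SNYK-JS-UUID-16133035 stays open in practice. Major uuid releases can change the supported Node.js versions and the module format, so check each import site against the project's minimum Node version, then commit manifest and lockfile together with a test run. The `dependencies` object starts above the hunk.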