chore: updates semver and ignore semver vulnerability until Snyk is u…

…pdated with the new info on the backported fixes
mongodb-js · Jul 11, 2023 · d86a507 · d86a507
1 parent 1daa01e
commit d86a507
Show file tree

Hide file tree

Showing 7 changed files with 301 additions and 295 deletions.
diff --git a/.snyk b/.snyk
@@ -1,6 +1,12 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.12.0
-ignore: {}
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JS-SEMVER-3247795:
+    - '*':
+        reason: "Security patches released for semver 5.x (5.7.2) and 6.x (6.3.1) are not yet known to Snyk which is why we would like to ignore this vulnerability until the mentioned expiry."
+        expires: 2023-08-10T16:09:46.300Z
+        created: 2023-07-11T16:09:46.310Z
 # patches apply the minimum changes required to fix a vulnerability
 patch:
   'npm:ms:20170412':

diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/app-migrations/package.json b/packages/app-migrations/package.json
@@ -26,7 +26,7 @@
     "async": "^3.2.2",
     "debug": "^4.2.0",
     "lodash": "^4.17.21",
-    "semver": "^7.1.1"
+    "semver": "^7.5.4"
   },
   "devDependencies": {
     "depcheck": "^1.4.1",

diff --git a/packages/compass-crud/package.json b/packages/compass-crud/package.json
@@ -104,7 +104,7 @@
     "react-dom": "^17.0.2",
     "reflux": "^0.4.1",
     "reflux-state-mixin": "github:mongodb-js/reflux-state-mixin",
-    "semver": "^7.5.2",
+    "semver": "^7.5.4",
     "sinon": "^8.1.1"
   },
   "dependencies": {

diff --git a/packages/compass-editor/package.json b/packages/compass-editor/package.json
@@ -79,6 +79,6 @@
     "@mongodb-js/mongodb-constants": "^0.6.0",
     "polished": "^4.2.2",
     "prettier": "^2.7.1",
-    "semver": "^7.5.0"
+    "semver": "^7.5.4"
   }
 }
diff --git a/packages/compass/package.json b/packages/compass/package.json
@@ -262,7 +262,7 @@
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
     "reflux": "^0.4.1",
-    "semver": "^7.3.5",
+    "semver": "^7.5.4",
     "sinon": "^8.1.1",
     "source-code-pro": "^2.38.0",
     "storage-mixin": "^5.1.5",

diff --git a/scripts/package.json b/scripts/package.json
@@ -38,8 +38,8 @@
   },
   "dependencies": {
     "@mongodb-js/devtools-docker-test-envs": "^1.2.4",
-    "@mongodb-js/webpack-config-compass": "^1.1.0",
     "@mongodb-js/monorepo-tools": "^1.1.1",
+    "@mongodb-js/webpack-config-compass": "^1.1.0",
     "commander": "^11.0.0",
     "cross-spawn": "^7.0.3",
     "electron": "^23.3.9",
@@ -57,7 +57,7 @@
     "pkg-up": "^3.1.0",
     "prompts": "^2.4.1",
     "rimraf": "^5.0.1",
-    "semver": "^7.3.5",
+    "semver": "^7.5.4",
     "uuid": "^8.3.2",
     "yargs-parser": "^21.1.1"
   }