Use upstream deps

package.json

@@ -53,14 +53,10 @@
   "author": "snyk.io",
   "license": "Apache-2.0",
   "dependencies": {
-    "@snyk/cli-interface": "2.9.0",
-    "@snyk/dep-graph": "1.19.3",
+    "@snyk/cli-interface": "2.9.2",
+    "@snyk/dep-graph": "1.19.4",
     "@snyk/gemfile": "1.2.0",
-    "@snyk/graphlib": "2.1.9-patch",
-    "@snyk/inquirer": "6.2.2-patch",
-    "@snyk/lodash": "^4.17.15-patch",
-    "@snyk/ruby-semver": "2.2.0",
-    "@snyk/snyk-cocoapods-plugin": "2.5.0",
+    "@snyk/snyk-cocoapods-plugin": "2.5.1",
     "abbrev": "^1.1.1",
     "ansi-escapes": "3.2.0",
     "chalk": "^2.4.2",
@@ -69,22 +65,25 @@
     "debug": "^4.1.1",
     "diff": "^4.0.1",
     "glob": "^7.1.3",
+    "graphlib": "^2.1.8",
+    "inquirer": "^7.3.3",
+    "lodash": "^4.17.20",
     "needle": "2.5.0",
     "open": "^7.0.3",
     "os-name": "^3.0.0",
     "proxy-agent": "^3.1.1",
     "proxy-from-env": "^1.0.0",
     "semver": "^6.0.0",
-    "snyk-config": "3.1.0",
+    "snyk-config": "3.1.1",
     "snyk-cpp-plugin": "1.4.3",
     "snyk-docker-plugin": "3.20.0",
-    "snyk-go-plugin": "1.16.0",
-    "snyk-gradle-plugin": "3.6.2",
+    "snyk-go-plugin": "1.16.2",
+    "snyk-gradle-plugin": "3.6.3",
     "snyk-module": "3.1.0",
-    "snyk-mvn-plugin": "2.19.3",
-    "snyk-nodejs-lockfile-parser": "1.28.0",
-    "snyk-nuget-plugin": "1.18.1",
-    "snyk-php-plugin": "1.9.0",
+    "snyk-mvn-plugin": "2.19.4",
+    "snyk-nodejs-lockfile-parser": "1.28.1",
+    "snyk-nuget-plugin": "1.19.3",
+    "snyk-php-plugin": "1.9.2",
     "snyk-policy": "1.14.1",
     "snyk-python-plugin": "1.17.1",
     "snyk-resolve": "1.0.1",
@@ -102,7 +101,9 @@
   "devDependencies": {
     "@types/agent-base": "^4.2.1",
     "@types/diff": "^3.5.2",
+    "@types/graphlib": "^2.1.7",
     "@types/jest": "^25.2.3",
+    "@types/lodash": "^4.14.161",
     "@types/needle": "^2.0.4",
     "@types/node": "8.10.59",
     "@types/restify": "^8.4.2",

src/cli/commands/monitor/formatters/format-monitor-response.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import chalk from 'chalk';
 import * as url from 'url';
 

src/cli/commands/protect/prompts.ts

@@ -9,7 +9,7 @@ export {
   startOver,
 };
 
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as semver from 'semver';
 import { format as fmt } from 'util';
 import * as debugModule from 'debug';

src/cli/commands/protect/tasks.ts

@@ -2,7 +2,7 @@ export = answersToTasks;
 
 import * as debugModule from 'debug';
 const debug = debugModule('snyk');
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 
 function answersToTasks(answers) {
   const tasks = {

src/cli/commands/protect/wizard.ts

@@ -10,12 +10,12 @@ import * as debugModule from 'debug';
 const debug = debugModule('snyk');
 
 import * as path from 'path';
-import * as inquirer from '@snyk/inquirer';
+import * as inquirer from 'inquirer';
 import * as fs from 'fs';
 import * as tryRequire from 'snyk-try-require';
 import chalk from 'chalk';
 import * as url from 'url';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { exec } from 'child_process';
 import { apiTokenExists } from '../../../lib/api-token';
 import * as auth from '../auth/is-authed';

src/cli/commands/test/formatters/docker/format-docker-binary-heading.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import chalk from 'chalk';
 
 export function createDockerBinaryHeading(pkgInfo): string {

src/cli/commands/test/formatters/docker/format-docker-binary-issues.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { createDockerBinaryHeading } from './format-docker-binary-heading';
 import { Options, TestOptions } from '../../../../../lib/types';
 import { formatIssues } from '../legacy-format-issue';

src/cli/commands/test/formatters/legacy-format-issue.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import chalk from 'chalk';
 import * as config from '../../../../lib/config';
 import { Options, TestOptions, ShowVulnPaths } from '../../../../lib/types';

src/cli/commands/test/index.ts

@@ -1,6 +1,6 @@
 export = test;
 
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import chalk from 'chalk';
 import * as snyk from '../../../lib';
 import * as config from '../../../lib/config';

src/lib/detect.ts

@@ -1,7 +1,7 @@
 import * as fs from 'fs';
 import * as pathLib from 'path';
 import * as debugLib from 'debug';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { NoSupportedManifestsFoundError } from './errors';
 import { SupportedPackageManagers } from './package-managers';
 import { validateK8sFile } from './iac/iac-parser';

src/lib/find-files.ts

@@ -1,6 +1,6 @@
 import * as fs from 'fs';
 import * as pathLib from 'path';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { detectPackageManagerFromFile } from './detect';
 import * as debugModule from 'debug';
 const debug = debugModule('snyk:find-files');

src/lib/module-info/index.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as Debug from 'debug';
 import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 

src/lib/monitor/index.ts

@@ -7,7 +7,7 @@ import { apiTokenExists } from '../api-token';
 import request = require('../request');
 import * as config from '../config';
 import * as os from 'os';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { isCI } from '../is-ci';
 import * as analytics from '../analytics';
 import {
@@ -221,7 +221,10 @@ async function monitorDepTree(
   depTree = dropEmptyDeps(depTree);
 
   let callGraphPayload;
-  if (options.reachableVulns && scannedProject.callGraph?.innerError) {
+  if (
+    options.reachableVulns &&
+    (scannedProject.callGraph as CallGraphError)?.innerError
+  ) {
     const err = scannedProject.callGraph as CallGraphError;
     analytics.add(
       'callGraphError',
@@ -239,7 +242,7 @@ async function monitorDepTree(
     ]);
   } else if (scannedProject.callGraph) {
     const { callGraph, nodeCount, edgeCount } = serializeCallGraphWithMetrics(
-      scannedProject.callGraph,
+      scannedProject.callGraph as CallGraph,
     );
     debug(
       `Adding call graph to payload, node count: ${nodeCount}, edge count: ${edgeCount}`,

src/lib/plugins/convert-single-splugin-res-to-multi-custom.ts

@@ -1,6 +1,7 @@
 import { legacyPlugin as pluginApi } from '@snyk/cli-interface';
 import { MultiProjectResultCustom } from './get-multi-plugin-result';
 import { SupportedPackageManagers } from '../package-managers';
+import { CallGraph } from '@snyk/cli-interface/legacy/common';
 
 export function convertSingleResultToMultiCustom(
   inspectRes: pluginApi.SinglePackageResult,
@@ -28,7 +29,7 @@ function convertDepGraphResult(
       {
         plugin: plugin as any,
         depGraph,
-        callGraph,
+        callGraph: callGraph as CallGraph,
         meta,
         targetFile: plugin.targetFile,
         packageManager,
@@ -63,7 +64,7 @@ function convertDepTreeResult(
       {
         plugin: plugin as any,
         depTree,
-        callGraph,
+        callGraph: callGraph as CallGraph,
         meta,
         targetFile: plugin.targetFile,
         packageManager,

src/lib/plugins/get-multi-plugin-result.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as path from 'path';
 import * as cliInterface from '@snyk/cli-interface';
 import chalk from 'chalk';

src/lib/plugins/nodejs-plugin/npm-modules-parser.ts

@@ -2,7 +2,7 @@ import * as path from 'path';
 import * as fs from 'fs';
 import * as resolveNodeDeps from 'snyk-resolve-deps';
 import * as baseDebug from 'debug';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 
 import * as spinner from '../../spinner';
 import * as analytics from '../../analytics';

src/lib/plugins/nodejs-plugin/yarn-workspaces-parser.ts

@@ -1,6 +1,6 @@
 import * as baseDebug from 'debug';
 import * as pathUtil from 'path';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 
 const debug = baseDebug('snyk:yarn-workspaces');
 import * as lockFileParser from 'snyk-nodejs-lockfile-parser';

src/lib/plugins/rubygems/index.ts

@@ -1,7 +1,7 @@
 import { inspectors, Spec } from './inspectors';
 import { MissingTargetFileError } from '../../errors/missing-targetfile-error';
 import gemfileLockToDependencies = require('./gemfile-lock-to-dependencies');
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { MultiProjectResult } from '@snyk/cli-interface/legacy/plugin';
 
 export async function inspect(

src/lib/policy/pluck-policies.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { PackageExpanded } from 'snyk-resolve-deps';
 
 export function pluckPolicies(pkg: PackageExpanded): string[] | string {

src/lib/protect/index.js

@@ -9,7 +9,7 @@ const protect = (module.exports = {
 });
 
 const debug = require('debug')('snyk');
-const _ = require('@snyk/lodash');
+const _ = require('lodash');
 
 function generatePolicy(policy, tasks, live, packageManager) {
   const promises = ['ignore', 'update', 'patch']

src/lib/protect/patch.js

@@ -8,7 +8,7 @@ const glob = require('glob');
 const tempfile = require('tempfile');
 const fs = require('fs');
 const path = require('path');
-const _ = require('@snyk/lodash');
+const _ = require('lodash');
 const applyPatch = require('./apply-patch');
 const stripVersions = require('./strip-versions');
 const getVulnSource = require('./get-vuln-source');

src/lib/protect/update.js

@@ -4,7 +4,7 @@ module.exports.installDev = installDev;
 
 const debug = require('debug')('snyk');
 const chalk = require('chalk');
-const _ = require('@snyk/lodash');
+const _ = require('lodash');
 const { parsePackageString: moduleToObject } = require('snyk-module');
 const semver = require('semver');
 const errors = require('../errors/legacy-errors');

src/lib/reachable-vulns.ts

@@ -1,4 +1,4 @@
-import * as graphlib from '@snyk/graphlib';
+import * as graphlib from 'graphlib';
 import { CallGraph } from '@snyk/cli-interface/legacy/common';
 
 import {

src/lib/snyk-test/legacy.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as depGraphLib from '@snyk/dep-graph';
 import { SupportedPackageManagers } from '../package-managers';
 import { SupportedProjectTypes } from '../types';

src/lib/snyk-test/run-test.ts

@@ -1,5 +1,5 @@
 import * as fs from 'fs';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as path from 'path';
 import * as debugModule from 'debug';
 import chalk from 'chalk';
@@ -57,7 +57,7 @@ import { validateOptions } from '../options-validator';
 import { findAndLoadPolicy } from '../policy';
 import { assembleIacLocalPayloads, parseIacTestResult } from './run-iac-test';
 import { Payload, PayloadBody, DepTreeFromResolveDeps } from './types';
-import { CallGraphError } from '@snyk/cli-interface/legacy/common';
+import { CallGraphError, CallGraph } from '@snyk/cli-interface/legacy/common';
 import * as alerts from '../alerts';
 import { abridgeErrorMessage } from '../error-format';
 import { getDockerToken } from '../api-token';
@@ -533,7 +533,10 @@ async function assembleLocalPayloads(
         body.depGraph = depGraph;
       }
 
-      if (options.reachableVulns && scannedProject.callGraph?.message) {
+      if (
+        options.reachableVulns &&
+        (scannedProject.callGraph as CallGraphError)?.message
+      ) {
         const err = scannedProject.callGraph as CallGraphError;
         const analyticsError = err.innerError || err;
         analytics.add('callGraphError', {
@@ -555,7 +558,9 @@ async function assembleLocalPayloads(
           callGraph,
           nodeCount,
           edgeCount,
-        } = serializeCallGraphWithMetrics(scannedProject.callGraph);
+        } = serializeCallGraphWithMetrics(
+          scannedProject.callGraph as CallGraph,
+        );
         debug(
           `Adding call graph to payload, node count: ${nodeCount}, edge count: ${edgeCount}`,
         );

test/acceptance/cli-monitor/cli-monitor.acceptance.test.ts

@@ -9,7 +9,7 @@ import * as subProcess from '../../../src/lib/sub-process';
 import { getVersion } from '../../../src/lib/version';
 import { config as userConfig } from '../../../src/lib/user-config';
 import { chdirWorkspaces, getWorkspaceJSON } from '../workspace-helper';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 
 // ensure this is required *after* the demo server, since this will
 // configure our fake configuration too

test/acceptance/cli-monitor/cli-monitor.all-projects.spec.ts

@@ -1,5 +1,5 @@
 import * as sinon from 'sinon';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as path from 'path';
 import * as depGraphLib from '@snyk/dep-graph';
 

test/acceptance/cli-test/cli-test.iac-k8s.spec.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import {
   iacTest,
   iacTestJson,

test/acceptance/cli-test/cli-test.iac-k8s.utils.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import {
   mapIacTestResult,
   AnnotatedIacIssue,

test/acceptance/cli-test/cli-test.ruby.spec.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { AcceptanceTests } from './cli-test.acceptance.test';
 import { getWorkspaceJSON } from '../workspace-helper';
 import { CommandResult } from '../../../src/cli/commands/types';

test/acceptance/cli-test/cli-test.sbt.spec.ts

@@ -1,7 +1,7 @@
 import * as sinon from 'sinon';
 import { AcceptanceTests } from './cli-test.acceptance.test';
 
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 
 export const SbtTests: AcceptanceTests = {
   language: 'SBT',

test/monitor-target.test.ts

@@ -2,7 +2,7 @@ import { test, afterEach, afterAll } from 'tap';
 import * as requestLib from 'needle';
 import * as path from 'path';
 
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as sinon from 'sinon';
 
 import * as cli from '../src/cli/commands';

test/prompts.test.ts

@@ -1,9 +1,9 @@
 import * as fs from 'fs';
 import { test } from 'tap';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import * as path from 'path';
 import * as sinon from 'sinon';
-import * as inquirer from '@snyk/inquirer';
+import * as inquirer from 'inquirer';
 
 import wizard = require('../src/cli/commands/protect/wizard');
 

test/system/cli.test.ts

@@ -1,5 +1,5 @@
 import * as util from 'util';
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { test } from 'tap';
 import * as ciChecker from '../../src/lib/is-ci';
 import { makeTmpDirectory, silenceLog } from '../utils';

test/system/remote-package.test.ts

@@ -1,4 +1,4 @@
-import * as _ from '@snyk/lodash';
+import * as _ from 'lodash';
 import { test } from 'tap';
 import * as ciChecker from '../../src/lib/is-ci';
 import * as sinon from 'sinon';