
fix: resolve snyk vulnerabilities#264

Merged
stevecl5 merged 1 commit into master from scl/update-dependencies
Mar 3, 2026

Conversation

Contributor

@stevecl5 stevecl5 commented Feb 27, 2026

Summary of Changes

Security Patches

The following Snyk vulnerabilities are resolved by this PR:

  Upgrade net.sourceforge.pmd:pmd-ant@7.16.0 to net.sourceforge.pmd:pmd-ant@7.22.0 to fix
  ✗ Cross-site Scripting (XSS) (new) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEPMD-15365925] in net.sourceforge.pmd:pmd-core@7.16.0
    introduced by net.sourceforge.pmd:pmd-ant@7.16.0 > net.sourceforge.pmd:pmd-core@7.16.0 and 1 other path(s)

  Upgrade net.sourceforge.pmd:pmd-java@7.16.0 to net.sourceforge.pmd:pmd-java@7.22.0 to fix
  ✗ Cross-site Scripting (XSS) (new) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEPMD-15365925] in net.sourceforge.pmd:pmd-core@7.16.0
    introduced by net.sourceforge.pmd:pmd-ant@7.16.0 > net.sourceforge.pmd:pmd-core@7.16.0 and 1 other path(s)

  ✗ Allocation of Resources Without Limits or Throttling [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924] in com.fasterxml.jackson.core:jackson-core@2.21.0
    introduced by com.auth0:java-jwt@4.5.1 > com.fasterxml.jackson.core:jackson-core@2.21.0 and 1 other path(s)
  This issue was fixed in versions: 2.18.6, 2.21.1

The PMD vulnerabilities were resolved by updating to Coppuccino 6.2.1, which updates the PMD version to 7.22.0.

The jackson-core vulnerability was resolved by setting a constraint in path-core:utilities, since com.auth0:java-jwt:4.5.1 (latest version) still uses com.fasterxml.jackson.core:jackson-core:2.21.0.

Dependency Updates

Updated plugins and other dependencies, including:

  • Coppuccino 5.x -> 6.2.1
  • Vogue 2.x -> 3.0.2
  • httpclient 4.5.13 -> 4.5.14

By updating Coppuccino to the latest version, plugin dependency constraints are automatically included to address known vulnerabilities introduced by the plugin. As a result, manually overriding the versions of commons-lang3 and log4j-core using resolutionStrategy.eachDependency is no longer needed. As an added benefit, the new constraints set a minimum version for the vulnerable dependencies, allowing them to resolve to newer versions when available.

Dependency Cleanup & Fixes

  • SpotBugs: Removed the com.github.spotbugs:spotbugs-annotations dependency from :common, as it is now natively provided by the updated Coppuccino plugin.
  • Commons Text: Locked org.apache.commons:commons-text to 1.15.0 instead of using latest.release to ensure deterministic builds and prevent breaking changes from being pulled in unintentionally.
  • Gson Typo: Corrected a typo in the com.google.code.gson:gson version range (changed from [2.13.0,13.0.0) to [2.13.0,3.0.0)).
  • Lombok: Removed the redundant org.projectlombok:lombok dependency from sub-projects, as it is already globally managed and provided by the io.freefair.lombok plugin.
  • Java JWT: Updated the com.auth0:java-jwt dependency to [4.5.1, 5.0.0) to establish a secure floor that natively resolves legacy jackson-databind vulnerabilities without requiring manual overrides.

Gradle Project Improvements

In addition to the dependency changes, I also made significant improvements to the Gradle configuration files.

Root Project (build.gradle)

  • Centralized Constraints: Updated root-level constraints block to manage all shared libraries and security overrides.
  • Variable Extraction: Extracted versions for closely coupled multi-artifact libraries (like io.opentracing and org.slf4j) into ext properties to guarantee version alignment and simplify future upgrades.
  • Centralized Publishing & Signing: Decoupled publication definitions from metadata decoration. The root project now universally applies POM metadata and dynamic signing to all artifacts, while explicitly protecting the BOM from invalid components.java injections.
  • Modernized Task Configuration: Replaced legacy afterEvaluate logic for spotlessApply and subdependencies tasks with a more performant, lazy task configuration.
  • Global Toolchains: Replaced sourceCompatibility and targetCompatibility by enforcing Java 17 globally using the modern java { toolchain { ... } } API.
  • Simplified Artifacts: Replaced manual package tasks and artifacts configuration with the native java { withSourcesJar(); withJavadocJar() } DSL.

Sub-Projects (common, gateway, http, messaging, etc.)

  • Version Stripping: Removed all hardcoded version numbers for shared dependencies (e.g., gson, opentracing, httpclient, slf4j), allowing them to inherit coordinates natively from the root constraints.
  • Scope Refinement: Corrected dependency configurations across the board. Changes include:
    • strictly using implementation for internal tools and api for exposed transitives
    • updating com.google.auto.service:auto-service to have compileOnly and annotationProcessor scopes
    • removing a redundant testImplementation dependency for org.objenesis:objenesis
  • Testing Library Exports: Updated the :testing project to expose mockito, spock, and junit via api so consumers inherit the testing framework seamlessly.

Platform BOM (platform)

  • Simplified BOM: Stripped out redundant pom { ... } metadata blocks and manual signing logic, delegating those decoration responsibilities entirely to the centralized root configuration. The project now maintains a clean, minimal java-platform structure to strictly expose path-core constraints.
  • Syntax Cleanup: Standardized dependency constraint syntax by removing unnecessary parentheses (e.g., changing api(project(":common")) to api project(":common")).

Public API Additions/Changes

N/A

Downstream Consumer Impact

N/A

How Has This Been Tested?

Verified that vulnerabilities are resolved without manual overrides by running snyk test --all-projects --exclude=build.

Snyk scan results
path-core % snyk test --all-projects --exclude=build

Testing /Users/steven.leighton/dev/path-core...

Organization:      mx
Package manager:   gradle
Target file:       build.gradle
Project name:      path-core
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

✔ Tested /Users/steven.leighton/dev/path-core for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 96 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       common/build.gradle
Project name:      path-core/common
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 103 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       context/build.gradle
Project name:      path-core/context
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 119 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       gateway/build.gradle
Project name:      path-core/gateway
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 118 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       gateway-generator/build.gradle
Project name:      path-core/gateway-generator
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 120 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       http/build.gradle
Project name:      path-core/http
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 104 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       messaging/build.gradle
Project name:      path-core/messaging
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Organization:      mx
Package manager:   gradle
Target file:       platform/build.gradle
Project name:      path-core/platform
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

✔ Tested /Users/steven.leighton/dev/path-core for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 75 dependencies for known issues, found 3 issues, 4 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.9
    introduced by com.github.spotbugs:spotbugs@4.9.8 > net.sf.saxon:Saxon-HE@12.9

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       test-gateway-generator/build.gradle
Project name:      path-core/test-gateway-generator
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 127 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       test-gateways/build.gradle
Project name:      path-core/test-gateways
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 113 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       test-models/build.gradle
Project name:      path-core/test-models
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 114 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       testing/build.gradle
Project name:      path-core/testing
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Tested 91 dependencies for known issues, found 4 issues, 8 vulnerable paths.


License issues:

  ✗ MPL-2.0 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:net.sf.saxon:Saxon-HE:MPL-2.0] in net.sf.saxon:Saxon-HE@12.5
    introduced by com.puppycrawl.tools:checkstyle@10.25.0 > net.sf.saxon:Saxon-HE@12.5 and 3 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.puppycrawl.tools:checkstyle:LGPL-2.1] in com.puppycrawl.tools:checkstyle@10.25.0
    introduced by com.puppycrawl.tools:checkstyle@10.25.0

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs-annotations:LGPL-2.1] in com.github.spotbugs:spotbugs-annotations@4.9.8
    introduced by com.github.spotbugs:spotbugs-annotations@4.9.8 and 1 other path(s)

  ✗ LGPL-2.1 license [Low Severity][https://snyk.io/vuln/snyk:lic:maven:com.github.spotbugs:spotbugs:LGPL-2.1] in com.github.spotbugs:spotbugs@4.9.8
    introduced by com.github.spotbugs:spotbugs@4.9.8



Organization:      mx
Package manager:   gradle
Target file:       utilities/build.gradle
Project name:      path-core/utilities
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

-------------------------------------------------------

Testing /Users/steven.leighton/dev/path-core...

Organization:      mx
Package manager:   npm
Target file:       package-lock.json
Project name:      package.json
Open source:       no
Project path:      /Users/steven.leighton/dev/path-core
Licenses:          enabled

✔ Tested /Users/steven.leighton/dev/path-core for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.


Tested 14 projects, 11 contained vulnerable paths.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works

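Added example, not the project's own build file: a Gradle dependency constraint of the kind the description says was placed in path-core:utilities, raising the transitive jackson-core floor to 2.21.1 while leaving java-jwt on the [4.5.1, 5.0.0) range. The file layout, the use of the `api` configuration and the `because` text are assumptions; the coordinates and versions are the ones stated in the PR.

```groovy
// utilities/build.gradle (illustrative layout; assumed, not the project's actual file)
plugins {
    id 'java-library'
}

dependencies {
    // Range with a secure floor, as the PR describes: Gradle resolves to the
    // highest version available that is >= 4.5.1 and < 5.0.0.
    api 'com.auth0:java-jwt:[4.5.1, 5.0.0)'

    constraints {
        // java-jwt 4.5.1 (the latest release) still pulls in jackson-core 2.21.0,
        // which Snyk flags (SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924, fixed in
        // 2.18.6 / 2.21.1). A constraint on the transitive raises it to at least
        // 2.21.1. 'require' is a floor, not a pin: when a newer patch release is
        // published it still wins, unlike a resolutionStrategy force.
        // A constraint never adds the dependency; it only takes effect when
        // something else brings jackson-core into the graph.
        api('com.fasterxml.jackson.core:jackson-core') {
            version { require '2.21.1' }
            because 'Snyk: allocation of resources without limits or throttling; fixed in 2.21.1'
        }
    }
}
```

Declaring the constraint on `api` makes it apply to every configuration that extends it (compile and runtime classpaths) and publishes it into the module's POM, so downstream consumers inherit the same floor. To confirm which rule selected the version, `./gradlew :utilities:dependencyInsight --dependency jackson-core --configuration runtimeClasspath` prints the selection reason for the resolved version; re-running the `snyk test --all-projects --exclude=build` command from the description should then report no vulnerable path through java-jwt.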
@stevecl5 stevecl5 force-pushed the scl/update-dependencies branch 5 times, most recently from ee50d44 to 90f612f on March 3, 2026 03:22
build: update plugins and dependencies

build: clean up gradle configuration files
@stevecl5 stevecl5 changed the title build: update plugins and dependencies fix: resolve snyk vulnerabilities Mar 3, 2026
@stevecl5 stevecl5 force-pushed the scl/update-dependencies branch from 90f612f to 62aa68d on March 3, 2026 18:38
@tessstoddard

Thanks for the detailed summary! That helped a lot

@stevecl5 stevecl5 merged commit 969fa33 into master Mar 3, 2026
7 checks passed
@stevecl5 stevecl5 deleted the scl/update-dependencies branch March 3, 2026 20:23
2 participants