From 44f9a00d551eccdbe08caceda3b415878f1c738d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 17 Jun 2020 10:29:21 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 8 ++++ package.json | 132 ++++++++++++++++++++++++++------------------------- 2 files changed, 76 insertions(+), 64 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 000000000..fe1d5b7bf --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.15.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - async > lodash: + patched: '2020-06-17T10:29:19.409Z' diff --git a/package.json b/package.json index dc8d505b4..97cd15a25 100644 --- a/package.json +++ b/package.json @@ -1,66 +1,70 @@ { - "name": "iframely", - "version": "1.4.3", - "description": "oEmbed/2 gateway endpoint. Get embed data for various http links through one self-hosted API", - "keywords": [ - "oembed", - "embed", - "open graph", - "og", - "twitter cards" - ], - "homepage": "http://iframely.com", - "repository": { - "type": "git", - "url": "https://github.com/itteco/iframely.git" - }, - "bugs": { - "url": "https://github.com/itteco/iframely/issues" - }, - "license": "MIT", - "dependencies": { - "async": "2.4.1", - "cheerio": "0.22.0", - "chokidar": "^3.3.1", - "ejs": "2.5.7", - "entities": "1.1.1", - "express": "^4.16.3", - "graceful-cluster": "0.0.3", - "htmlparser2": "3.9.2", - "http-parser-js": "itteco/http-parser-js#magicode-fix-22", - "iconv-lite": "0.4.17", - "iltorb": "^2.4.3", - "imagesize": "1.0.0", - "jslint": "^0.12.1", - "jsontoxml": "0.0.11", - "memcached": "2.2.2", - "moment": "2.19.3", - "node-cache": "1.*", - "parse-iso-duration": "1.0.0", - "readabilitySAX": "1.6.1", - "redis": "2.7.1", - "request": "^2.88.0", - "sax": "1.2.2", - "semver": "^6.3.0", - "send": "0.16.1", - "underscore": "1.8.3" - }, - "devDependencies": { - "chai": "^3.5.0", - "feedparser": "2.2.0", - "mocha": "^5.2.0", - "mock-http-server": "^1.0.0", - "mongoose": "^5.4.20", - "supertest": "^4.0.2" - }, - "iframely-proxy-plugins": true, - "main": "./lib/core", - "scripts": { - "test": "npm run test-core-plugins && npm run test-e2e", - "test-core-plugins": "mocha --exit test/core-plugins.js", - "test-e2e": "NODE_ENV=test PORT=8080 mocha --exit test/e2e.js" - }, - "engines": { - "node": ">=8.0.0" - } + "name": "iframely", + "version": "1.4.3", + "description": "oEmbed/2 gateway endpoint. Get embed data for various http links through one self-hosted API", + "keywords": [ + "oembed", + "embed", + "open graph", + "og", + "twitter cards" + ], + "homepage": "http://iframely.com", + "repository": { + "type": "git", + "url": "https://github.com/itteco/iframely.git" + }, + "bugs": { + "url": "https://github.com/itteco/iframely/issues" + }, + "license": "MIT", + "dependencies": { + "async": "2.4.1", + "cheerio": "0.22.0", + "chokidar": "^3.3.1", + "ejs": "2.5.7", + "entities": "1.1.1", + "express": "^4.16.3", + "graceful-cluster": "0.0.3", + "htmlparser2": "3.9.2", + "http-parser-js": "itteco/http-parser-js#magicode-fix-22", + "iconv-lite": "0.4.17", + "iltorb": "^2.4.3", + "imagesize": "1.0.0", + "jslint": "^0.12.1", + "jsontoxml": "0.0.11", + "memcached": "2.2.2", + "moment": "2.19.3", + "node-cache": "1.*", + "parse-iso-duration": "1.0.0", + "readabilitySAX": "1.6.1", + "redis": "2.7.1", + "request": "^2.88.0", + "sax": "1.2.2", + "semver": "^6.3.0", + "send": "0.16.1", + "underscore": "1.8.3", + "snyk": "^1.342.2" + }, + "devDependencies": { + "chai": "^3.5.0", + "feedparser": "2.2.0", + "mocha": "^5.2.0", + "mock-http-server": "^1.0.0", + "mongoose": "^5.4.20", + "supertest": "^4.0.2" + }, + "iframely-proxy-plugins": true, + "main": "./lib/core", + "scripts": { + "test": "npm run test-core-plugins && npm run test-e2e", + "test-core-plugins": "mocha --exit test/core-plugins.js", + "test-e2e": "NODE_ENV=test PORT=8080 mocha --exit test/e2e.js", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "engines": { + "node": ">=8.0.0" + }, + "snyk": true }