From 1409ee59ec866da184ece5a7b52e145998d9f17b Mon Sep 17 00:00:00 2001
From: snyk-test
Date: Thu, 4 Jul 2019 01:57:21 +0000
Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
---
 .snyk | 8 +++
 package.json | 146 ++++++++++++++++++++++++++-------------------------
 2 files changed, 83 insertions(+), 71 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..25f9379
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-450202:
+ - object-sizeof > lodash:
+ patched: '2019-07-04T01:57:19.574Z'
diff --git a/package.json b/package.json
index 1357ba8..aba6bfd 100644
--- a/package.json
+++ b/package.json
@@ -1,73 +1,77 @@
 {
- "name": "telepat-api",
- "version": "0.4.4",
- "scripts": {
- "start": "./bin/startup.sh",
- "stop": "./bin/stop.sh",
- "restart": "./bin/restart.sh",
- "test": "istanbul cover _mocha -- test/api.js -R spec",
- "doc": "./bin/documentation.sh"
- },
- "dependencies": {
- "async": "1.5.2",
- "bcrypt": "0.8.5",
- "body-parser": "1.15.0",
- "clone": "1.0.2",
- "colors": "1.1.2",
- "debug": "2.2.0",
- "express": "4.13.4",
- "express-jwt": "3.3.0",
- "facebook-node": "0.0.3",
- "hiredis": "0.5.0",
- "jsonwebtoken": "5.7.0",
- "mandrill-api": "1.0.45",
- "microtime-nodejs": "1.0.0",
- "object-sizeof": "1.0.9",
- "redis": "2.6.2",
- "telepat-models": "0.4.4",
- "sendgrid": "4.0.2",
- "twitter": "1.2.5",
- "uuid": "2.0.1"
- },
- "bugs": {
- "url": "https://github.com/telepat-io/telepat-api/issues"
- },
- "engines": {
- "node": ">=0.12.0"
- },
- "repository": {
- "type": "git",
- "url": "git@github.com:telepat-io/telepat-api.git"
- },
- "contributors": [
- {
- "name": "Răzvan Botea",
- "email": "razvan@telepat.io"
- },
- {
- "name": "Gabi Dobocan",
- "email": "gabi@telepat.io"
- }
- ],
- "author": {
- "name": "Răzvan Botea",
- "email": "razvan@telepat.io"
- },
- "apidoc": {
- "name": "Telepat API",
- "version": "0.4.0",
- "description": "Telepat API used in Telepat distributed data sync platform",
- "title": "Telepat API Documentation",
- "url": "http://localhost:3000"
- },
- "license": "Apache-2.0",
- "devDependencies": {
- "assert": "^1.3.0",
- "crypto-js": "^3.1.5",
- "should": "^7.1.0",
- "supertest": "^1.1.0",
- "common": "*",
- "istanbul": "*",
- "mocha": "*"
- }
+ "name": "telepat-api",
+ "version": "0.4.4",
+ "scripts": {
+ "start": "./bin/startup.sh",
+ "stop": "./bin/stop.sh",
+ "restart": "./bin/restart.sh",
+ "test": "istanbul cover _mocha -- test/api.js -R spec",
+ "doc": "./bin/documentation.sh",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
+ },
+ "dependencies": {
+ "async": "1.5.2",
+ "bcrypt": "0.8.5",
+ "body-parser": "1.15.0",
+ "clone": "1.0.2",
+ "colors": "1.1.2",
+ "debug": "2.2.0",
+ "express": "4.13.4",
+ "express-jwt": "3.3.0",
+ "facebook-node": "0.0.3",
+ "hiredis": "0.5.0",
+ "jsonwebtoken": "5.7.0",
+ "mandrill-api": "1.0.45",
+ "microtime-nodejs": "1.0.0",
+ "object-sizeof": "1.0.9",
+ "redis": "2.6.2",
+ "telepat-models": "0.4.4",
+ "sendgrid": "4.0.2",
+ "twitter": "1.2.5",
+ "uuid": "2.0.1",
+ "snyk": "^1.189.0"
+ },
+ "bugs": {
+ "url": "https://github.com/telepat-io/telepat-api/issues"
+ },
+ "engines": {
+ "node": ">=0.12.0"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git@github.com:telepat-io/telepat-api.git"
+ },
+ "contributors": [
+ {
+ "name": "Răzvan Botea",
+ "email": "razvan@telepat.io"
+ },
+ {
+ "name": "Gabi Dobocan",
+ "email": "gabi@telepat.io"
+ }
+ ],
+ "author": {
+ "name": "Răzvan Botea",
+ "email": "razvan@telepat.io"
+ },
+ "apidoc": {
+ "name": "Telepat API",
+ "version": "0.4.0",
+ "description": "Telepat API used in Telepat distributed data sync platform",
+ "title": "Telepat API Documentation",
+ "url": "http://localhost:3000"
+ },
+ "license": "Apache-2.0",
+ "devDependencies": {
+ "assert": "^1.3.0",
+ "crypto-js": "^3.1.5",
+ "should": "^7.1.0",
+ "supertest": "^1.1.0",
+ "common": "*",
+ "istanbul": "*",
+ "mocha": "*"
+ },
+ "snyk": true
 }