From bea32f7f93834aa1d8adf58cccd1cbdc13422a24 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 22 Jun 2022 08:10:44 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:cookie-signature:20160804
- https://snyk.io/vuln/npm:express:20140912
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:qs:20140806
- https://snyk.io/vuln/npm:qs:20140806-1
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:send:20140912
- https://snyk.io/vuln/npm:send:20151103
- https://snyk.io/vuln/npm:serve-static:20150113

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:mime:20170907
---
 .snyk | 8 ++++++++
 package.json | 40 +++++++++++++++++++++++-----------------
 2 files changed, 31 insertions(+), 17 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..cd27075
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:mime:20170907':
+ - express > accepts > mime:
+ patched: '2022-06-22T08:10:42.766Z'
diff --git a/package.json b/package.json
index e561a23..d1ed3ce 100644
--- a/package.json
+++ b/package.json
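Review bot: In the new `.snyk` policy file, the only patch entry targets the path `express > accepts > mime`, yet this same commit moves `express` to `~4.16.0` and the commit message lists npm:mime:20170907 under both "fixed with an upgrade" and "fixed with a Snyk patch". If the upgraded tree no longer resolves `mime` beneath `accepts` (check with `npm ls mime`), the entry patches nothing, and the policy file and the install-time protect step could be dropped instead of carried as unused tooling. If the path does still resolve, add a comment above the entry such as `# remove once express > accepts no longer pulls the affected mime` so the patch is revisited rather than kept indefinitely.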
@@ -1,19 +1,25 @@
 {
- "name": "MEAN",
- "version": "0.0.1",
- "dependencies": {
- "express": "~4.1.0",
- "express-session": "~1.0.2",
- "body-parser": "~1.0.1",
- "cookie-parser": "~1.0.1",
- "compression": "~1.0.1",
- "method-override": "~1.0.0",
- "morgan": "~1.0.0",
- "ejs": "~1.0.0",
- "mongoose": "~3.8.8",
- "connect-flash": "~0.1.1",
- "passport": "~0.2.0",
- "passport-local": "~1.0.0",
- "passport-facebook": "~1.0.2"
- }
+ "name": "MEAN",
+ "version": "0.0.1",
+ "dependencies": {
+ "express": "~4.16.0",
+ "express-session": "~1.0.2",
+ "body-parser": "~1.0.1",
+ "cookie-parser": "~1.0.1",
+ "compression": "~1.0.1",
+ "method-override": "~1.0.0",
+ "morgan": "~1.0.0",
+ "ejs": "~1.0.0",
+ "mongoose": "~3.8.8",
+ "connect-flash": "~0.1.1",
+ "passport": "~0.2.0",
+ "passport-local": "~1.0.0",
+ "passport-facebook": "~1.0.2",
+ "@snyk/protect": "latest"
+ },
+ "scripts": {
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true
 }
\ No newline at end of file
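Review bot: `"@snyk/protect": "latest"` is the only unpinned entry in `dependencies`, and the new `prepublish` script runs its binary, so each install executes whatever release the registry tags as latest at that moment. Pin it to a reviewed version or range like the neighbouring entries, e.g. `"@snyk/protect": "<reviewed-version>"`, and commit a lockfile if the project does not already have one, so a bad or tampered release is not picked up silently. `prepublish` is deprecated in current npm; `"prepare": "npm run snyk-protect"` is the hook to use if the protect step stays. Only `express` moves in this hunk; the other ranges (`body-parser`, `express-session`, `mongoose`, `ejs`, `passport`) keep their old pins and are not addressed by this change, so they need a separate audit.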