[Snyk] Fix for 1 vulnerable dependencies

demo/.snyk

@@ -0,0 +1,194 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - libp2p > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/generator > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-tcp > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-mplex > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-info > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-floodsub > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/traverse > @babel/generator > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > babylon-walk > babel-types > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-info > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-tcp > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-connection-manager > latency-monitor > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > htmlnano > uncss > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/core > @babel/generator > @babel/types > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-info > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-info > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-floodsub > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-ping > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-info > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-info > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-info > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-info > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-floodsub > libp2p-pubsub > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > multistream-select > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/preset-env > @babel/plugin-transform-async-to-generator > @babel/helper-module-imports > @babel/types > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > multistream-select > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-ping > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-info > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-info > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-id > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-info > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-info > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-floodsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-info > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-info > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-identify > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-floodsub > libp2p-pubsub > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-info > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/core > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-identify > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-info > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-info > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-info > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p-secio > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-info > multiaddr > ip-address > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-floodsub > libp2p-pubsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > htmlnano > uncss > jsdom > request-promise-native > request-promise-core > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-identify > peer-info > peer-id > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-identify > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-identify > peer-info > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > peer-book > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-info > peer-id > libp2p-crypto > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/types > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-identify > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - libp2p > libp2p-switch > libp2p-circuit > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash:
+        patched: '2019-07-04T08:46:54.088Z'
+    - parcel-bundler > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash:
+        patched: '2019-07-04T08:46:54.088Z'

demo/package.json

@@ -6,7 +6,9 @@
     "build": "parcel build --public-url ./ --out-dir dist index.html",
     "test": "echo \"Error: no test specified\" && exit 1",
     "start": "parcel index.html",
-    "postinstall": "sed \"s|big.js')|big.js').Big|g\" -i node_modules/libp2p-switch/src/stats/stat.js"
+    "postinstall": "sed \"s|big.js')|big.js').Big|g\" -i node_modules/libp2p-switch/src/stats/stat.js",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "author": "Maciej Krüger <[email protected]>",
   "license": "MIT",
@@ -23,6 +25,8 @@
     "moment": "^2.22.2",
     "parcel-bundler": "^1.9.7",
     "pull-stream": "^3.6.9",
-    "raven-js": "^3.27.0"
-  }
+    "raven-js": "^3.27.0",
+    "snyk": "^1.190.0"
+  },
+  "snyk": true
 }