From 9a3aff3af76bb6a1b66a9d3e48ea28417e0fcf61 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 23:50:35 +0200 Subject: [PATCH 1/2] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 65 +++++++++++++++++++++++++++++++---------------------------- 1 file changed, 34 insertions(+), 31 deletions(-) diff --git a/.snyk b/.snyk index cbc1e9b..24986df 100644 --- a/.snyk +++ b/.snyk @@ -1,31 +1,34 @@ -# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.7.1 -ignore: {} -# patches apply the minimum changes required to fix a vulnerability -patch: - 'npm:minimatch:20160620': - - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch: - patched: '2017-09-22T07:20:33.134Z' - - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch: - patched: '2017-09-22T07:20:33.134Z' - - gulp > vinyl-fs > glob-stream > glob > minimatch: - patched: '2017-09-22T07:20:33.134Z' - - gulp > vinyl-fs > glob-stream > minimatch: - patched: '2017-09-22T07:20:33.134Z' - 'npm:ms:20170412': - - '@akala/server > server-static > socket.io > engine.io > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > socket.io-adapter > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > socket.io-client > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > socket.io-client > engine.io-client > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > socket.io-adapter > socket.io-parser > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > socket.io-client > socket.io-parser > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > socket.io-parser > debug > ms': - patched: '2017-09-22T07:20:33.134Z' - - '@akala/server > server-static > socket.io > debug > ms': - patched: '2017-09-22T07:20:33.134Z' +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:minimatch:20160620': + - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch: + patched: '2017-09-22T07:20:33.134Z' + - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch: + patched: '2017-09-22T07:20:33.134Z' + - gulp > vinyl-fs > glob-stream > glob > minimatch: + patched: '2017-09-22T07:20:33.134Z' + - gulp > vinyl-fs > glob-stream > minimatch: + patched: '2017-09-22T07:20:33.134Z' + 'npm:ms:20170412': + - '@akala/server > server-static > socket.io > engine.io > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > socket.io-adapter > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > socket.io-client > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > socket.io-client > engine.io-client > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > socket.io-adapter > socket.io-parser > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > socket.io-client > socket.io-parser > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > socket.io-parser > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + - '@akala/server > server-static > socket.io > debug > ms': + patched: '2017-09-22T07:20:33.134Z' + SNYK-JS-LODASH-567746: + - ssdp-ts > async > lodash: + patched: '2020-04-30T21:50:33.431Z' From d62116db1969ef04a1338878a875cd675eb3215e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 Apr 2020 23:50:36 +0200 Subject: [PATCH 2/2] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 68 +++++++++++++++++++++++++++------------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/package.json b/package.json index 77ed942..81bbd11 100644 --- a/package.json +++ b/package.json @@ -1,34 +1,36 @@ -{ - "author": "npenin", - "peerDependencies": { - "@akala/server": "^2.0.28", - "@domojs/service-discovery": "^1.1.0" - }, - "dependencies": { - "ssdp-ts": "^3.2.6" - }, - "deprecated": false, - "description": "", - "devDependencies": { - "@akala/server": "^2.1.10", - "@domojs/service-discovery": "^1.1.7", - "@types/node": "^11.9.0", - "@types/ws": "^6.0.1", - "snyk": "^1.126.0" - }, - "license": "MIT", - "main": "dist/index.js", - "types": "dist/index.d.ts", - "name": "@domojs/upnp", - "scripts": { - "test": "echo \"Error: no test specified\"", - "build:js": "tsc -p src", - "build:js:routes": "browserify -x @akala/client -x @akala/core dist/client/routes.js -o dist/routes.js", - "build:js:tile": "browserify -x @akala/client -x @akala/core -i @domojs/theme-default/dist/tile dist/client/tile.js -o dist/tile.js", - "prepublishOnly": "npm run build", - "build": "npm run build:js" - }, - "snyk": true, - "typings": "dist/index.d.ts", - "version": "1.0.21" +{ + "author": "npenin", + "peerDependencies": { + "@akala/server": "^2.0.28", + "@domojs/service-discovery": "^1.1.0" + }, + "dependencies": { + "ssdp-ts": "^3.2.6", + "snyk": "^1.316.1" + }, + "deprecated": false, + "description": "", + "devDependencies": { + "@akala/server": "^2.1.10", + "@domojs/service-discovery": "^1.1.7", + "@types/node": "^11.9.0", + "@types/ws": "^6.0.1" + }, + "license": "MIT", + "main": "dist/index.js", + "types": "dist/index.d.ts", + "name": "@domojs/upnp", + "scripts": { + "test": "echo \"Error: no test specified\"", + "build:js": "tsc -p src", + "build:js:routes": "browserify -x @akala/client -x @akala/core dist/client/routes.js -o dist/routes.js", + "build:js:tile": "browserify -x @akala/client -x @akala/core -i @domojs/theme-default/dist/tile dist/client/tile.js -o dist/tile.js", + "prepublishOnly": "npm run build", + "build": "npm run build:js", + "snyk-protect": "snyk protect", + "prepare": "yarn run snyk-protect" + }, + "snyk": true, + "typings": "dist/index.d.ts", + "version": "1.0.21" }