From fe8d83fc2f308c7e1ed5390be9f22a2c9b655e11 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 11 Oct 2018 02:58:13 +0000
Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:cryptiles:20180710
- https://snyk.io/vuln/npm:deep-extend:20180409
- https://snyk.io/vuln/npm:diff:20180305
- https://snyk.io/vuln/npm:eslint:20180222
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:nwmatcher:20180305
- https://snyk.io/vuln/npm:sshpk:20180409
- https://snyk.io/vuln/npm:stringstream:20180511
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:hoek:20180212
---
.snyk | 46 ++++++++++++++++++++++++++++++++++++++++++++++
package.json | 33 +++++++++++++++++++++++----------
2 files changed, 69 insertions(+), 10 deletions(-)
create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..51f4597
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,46 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:hoek:20180212':
+ - js-devbox > jest-cli > jest-runner > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > sntp > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > sntp > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > sntp > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > sntp > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
+ - js-devbox > jest-cli > jest-runner > jest-runtime > jest-haste-map > sane > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek:
+ patched: '2018-10-11T02:58:11.811Z'
diff --git a/package.json b/package.json
index bbc6514..85e7f02 100644
--- a/package.json
+++ b/package.json
@@ -14,31 +14,42 @@
 "lint": "eslint src",
 "precommit": "lint-staged && yarn test",
 "prepack": "yarn build",
- "prepare": "yarn build",
+ "prepare": "npm run snyk-protect; yarn build",
 "prepublishOnly": "yarn test",
 "preversion": "yarn test",
 "test": "yarn lint && yarn run flow && yarn build && yarn test-only",
 "test-only": "jest",
 "contrib": "./scripts/contrib.sh",
- "tidy-ci": "yarn contrib"
+ "tidy-ci": "yarn contrib",
+ "snyk-protect": "snyk protect"
 },
 "engines": {
 "node": ">=6.0.0",
 "yarn": "^1.3.2"
 },
- "keywords": ["KEYWORDS"],
+ "keywords": [
+ "KEYWORDS"
+ ],
 "lint-staged": {
- "src/**/*.{js,jsx}": ["prettier --parser flow --write", "git add"],
- "**/*.{json,md}": ["prettier --write", "git add"]
+ "src/**/*.{js,jsx}": [
+ "prettier --parser flow --write",
+ "git add"
+ ],
+ "**/*.{json,md}": [
+ "prettier --write",
+ "git add"
+ ]
 },
 "homepage": "https://github.com/holvonix-open/js-kitchen-sync#readme",
 "repository": {
 "type": "git",
 "url": "git+https://github.com/holvonix-open/js-kitchen-sync.git"
 },
- "author":
- "Holvonix LLC and the js-kitchen-sync AUTHORS (https://github.com/holvonix-open/js-kitchen-sync)",
- "contributors": ["See AUTHORS file", "See CONTRIBUTORS file"],
+ "author": "Holvonix LLC and the js-kitchen-sync AUTHORS (https://github.com/holvonix-open/js-kitchen-sync)",
+ "contributors": [
+ "See AUTHORS file",
+ "See CONTRIBUTORS file"
+ ],
 "files": [
 "lib/",
 "CHANGELOG.md",
@@ -59,7 +70,8 @@
 "license": "Apache-2.0",
 "dependencies": {
 "js-devbox": "5.0.0",
- "json2array": "3.0.0"
+ "json2array": "3.0.0",
+ "snyk": "^1.103.1"
 },
 "devDependencies": {
 "js-devbox": "5.0.0"
@@ -68,5 +80,6 @@
 "testEnvironment": "node",
 "collectCoverage": true,
 "coverageDirectory": "./coverage/"
- }
+ },
+ "snyk": true
 }
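Review bot: In the new `prepare` script the two commands are joined with `;`, so a failing `snyk protect` does not stop `yarn build`. The package can then be built and packed without the hoek patch from `.snyk` applied, and nothing reports it. Chaining with `&&` surfaces the failure and also behaves the same under cmd.exe, where `;` is not a command separator: `"prepare": "yarn snyk-protect && yarn build",`. That spelling also matches the other scripts, which all go through yarn rather than `npm run`. The `scripts` object starts above the hunk, so any other hook that builds without the patch step is not visible here.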
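Review bot: `snyk` is added under `dependencies` with a caret range (`"snyk": "^1.103.1"`), while the neighbouring entries are pinned to exact versions. Every consumer of this package would then resolve and install whichever 1.x release of the CLI is current at install time, which widens the supply-chain surface of a library install. In the visible hunks the CLI is used only by the `snyk-protect` script. If nothing at runtime needs it, consider moving it to `devDependencies` and pinning it like the rest: `"snyk": "1.103.1"`. Before moving it, confirm that every install path which runs `prepare` also installs devDependencies.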