From f35d75fc55c45734cfc177ea4c27ac776049798f Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 12 Apr 2019 04:50:56 +0000
Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MORGAN-72579
- https://snyk.io/vuln/SNYK-JS-MPATH-72672
- https://snyk.io/vuln/SNYK-JS-OPEN-174041
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:bson:20180225
- https://snyk.io/vuln/npm:clean-css:20180306
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:qs:20170213
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:uglify-js:20151024
---
 .snyk | 25 +++++++++++++++++++++++++
 package.json | 36 ++++++++++++++++++++----------------
 2 files changed, 45 insertions(+), 16 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..84417d23
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,25 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.3
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - mongoconfig > mongoose > mquery > debug:
+ patched: '2019-04-12T04:50:54.830Z'
+ 'npm:hoek:20180212':
+ - jstransformer-less > less > request > hawk > hoek:
+ patched: '2019-04-12T04:50:54.830Z'
+ - jstransformer-less > less > request > hawk > boom > hoek:
+ patched: '2019-04-12T04:50:54.830Z'
+ - jstransformer-less > less > request > hawk > sntp > hoek:
+ patched: '2019-04-12T04:50:54.830Z'
+ - jstransformer-less > less > request > hawk > cryptiles > boom > hoek:
+ patched: '2019-04-12T04:50:54.830Z'
+ 'npm:ms:20170412':
+ - mongoconfig > mongoose > ms:
+ patched: '2019-04-12T04:50:54.830Z'
+ - mongoconfig > mongoose > mquery > debug > ms:
+ patched: '2019-04-12T04:50:54.830Z'
+ 'npm:uglify-js:20151024':
+ - jade > transformers > uglify-js:
+ patched: '2019-04-12T04:50:54.830Z'
diff --git a/package.json b/package.json
index eb9e8dcc..06c49037 100644
--- a/package.json
+++ b/package.json
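Review bot: The four `patch:` groups are an interim mitigation rather than a fix, and nothing in the file says when they can be retired. Every path listed runs through a parent that package.json still pins at its old version in this commit (`mongoconfig` 1.1.0, `jstransformer-less` 2.2.0, `jade` 1.11.0), so the vulnerable `debug`, `hoek`, `ms` and `uglify-js` copies stay in the dependency tree and are only rewritten in place when `snyk protect` runs. I would add a comment above `patch:` such as `# interim: remove each entry once its parent (mongoconfig, jstransformer-less, jade) resolves to a fixed version`, and track those parent upgrades separately.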
@@ -14,28 +14,28 @@
 "awesome-module-manager": "1.2.0",
 "awesome-node-redis-pubsub": "github:linagora/awesome-node-redis-pubsub",
 "awesome-sessionstore": "github:linagora/awesome-sessionstore",
- "body-parser": "1.15.2",
- "bson": "0.5.5",
- "chokidar": "1.6.0",
+ "body-parser": "1.18.2",
+ "bson": "1.0.5",
+ "chokidar": "2.0.0",
 "connect-dynamic-middleware": "0.1.0",
 "cookie-parser": "1.4.3",
 "cors": "2.8.1",
 "ejs": "2.5.7",
 "email-addresses": "2.0.2",
- "express": "4.14.0",
+ "express": "4.16.0",
 "express-domain-middleware": "0.1.0",
- "express-session": "1.14.1",
- "extend": "3.0.0",
+ "express-session": "1.15.6",
+ "extend": "3.0.2",
 "fs-extra": "0.30.0",
 "hash_file": "0.1.1",
- "helmet": "2.2.0",
+ "helmet": "3.8.2",
 "hublin.easyrtc.connector": "github:linagora/hublin-easyrtc-connector",
 "hublin.janus.connector": "github:linagora/hublin-janus-connector",
 "i18n": "git+https://github.com/linagora/i18n-node.git#multiDirectories",
 "jade": "1.11.0",
 "jstransformer-less": "2.2.0",
 "konphyg": "1.4.0",
- "less-middleware": "2.2.0",
+ "less-middleware": "3.0.0",
 "linagora.esn.collaborative-editor": "github:linagora/linagora.esn.collaborative-editor",
 "linagora.esn.conference.email-invitation": "github:linagora/linagora.esn.conference.email-invitation",
 "linagora.esn.conference.invitation": "github:linagora/linagora.esn.conference.invitation",
@@ -44,20 +44,21 @@
 "linagora.esn.websocket-server": "github:linagora/linagora.esn.websocket-server",
 "linagora.esn.yjs": "github:linagora/linagora.esn.yjs",
 "linagora.esn.yjs-chat": "github:linagora/linagora.esn.yjs-chat",
- "marked": "0.3.12",
+ "marked": "0.6.2",
 "mongoconfig": "1.1.0",
 "mongodb": "2.2.19",
- "mongoose": "4.7.1",
+ "mongoose": "4.13.17",
 "mongoose-auto-increment": "5.0.1",
- "morgan": "1.7.0",
+ "morgan": "1.9.1",
 "node-uuid": "1.4.7",
- "open": "0.0.5",
- "pug": "2.0.0-rc.3",
+ "open": "6.0.0",
+ "pug": "2.0.0",
 "q": "1.4.1",
 "redis": "2.6.2",
 "trim": "0.0.1",
 "winston": "2.2.0",
- "winston-mail": "1.3.0"
+ "winston-mail": "1.3.0",
+ "snyk": "^1.150.0"
 },
 "devDependencies": {
 "@linagora/grunt-lint-pattern": "0.1.4",
@@ -118,8 +119,11 @@
 },
 "scripts": {
 "postinstall": "./node_modules/bower/bin/bower install --allow-root",
- "test": "grunt test --chunk=1"
+ "test": "grunt test --chunk=1",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "author": "Linagora Folks",
- "license": "AGPLv3"
+ "license": "AGPLv3",
+ "snyk": true
 }
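Review bot: The new `"snyk": "^1.150.0"` entry is the only ranged version in this `dependencies` hunk; every other entry visible here is pinned exactly or points at a Git source. This package is invoked from a lifecycle script added later in the same patch and modifies installed modules, so a floating 1.x range lets each install run a different release of the tool unless a lockfile (not visible here) fixes it. Pinning it like its neighbours, `"snyk": "1.150.0"`, keeps installs reproducible. Separately, `open` jumps from 0.0.5 to 6.0.0 in one step, so its call sites (outside this diff) should be checked against the new major's API before merging.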
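Review bot: Hooking `snyk protect` to `prepublish` in the `scripts` hunk makes the patches declared in `.snyk` depend on a lifecycle event that npm has deprecated for install-time work, and on lifecycle scripts being allowed to run at all. An install performed with `--ignore-scripts` skips it silently and leaves the unpatched transitive packages in place with no error. I would use `"prepare": "npm run snyk-protect"` instead, and confirm in the build or deployment pipeline that the protect step actually ran before the artefact is shipped.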