From b3948c76acbacf8bd72fd0f1620b2591fe9e61d0 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 5 Aug 2021 08:16:44 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-590103 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-MVERSION-572433 - https://snyk.io/vuln/SNYK-JS-MVERSION-573174 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 --- .snyk | 18 ++++++++++++++++++ package.json | 22 ++++++++++++++-------- 2 files changed, 32 insertions(+), 8 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..2e159a1 --- /dev/null +++ b/.snyk @@ -0,0 +1,18 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.21.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - karma > socket.io > socket.io-adapter > socket.io-parser > debug: + patched: '2021-08-05T08:16:41.305Z' + 'npm:minimatch:20160620': + - gulp > vinyl-fs > glob-stream > minimatch: + patched: '2021-08-05T08:16:41.305Z' + - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch: + patched: '2021-08-05T08:16:41.305Z' + - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch: + patched: '2021-08-05T08:16:41.305Z' + 'npm:ms:20170412': + - karma > socket.io > socket.io-adapter > socket.io-parser > debug > ms: + patched: '2021-08-05T08:16:41.305Z' diff --git a/package.json b/package.json index 5468f9a..c67996b 100644 --- a/package.json +++ b/package.json @@ -25,30 +25,30 @@ "babelify": "^7.2.0", "browser-sync": "^2.7.1", "browserify": "^13.0.0", - "browserify-istanbul": "^0.2.1", + "browserify-istanbul": "^2.0.0", "chai": "^3.4.1", - "gulp": "^3.9.0", + "gulp": "^4.0.0", "gulp-shell": "^0.5.2", "gulp-sourcemaps": "^1.6.0", "gulp-util": "^3.0.5", - "karma": "^0.13.9", + "karma": "^6.0.0", "karma-browserify": "^5.0.1", "karma-chai-sinon": "^0.1.5", "karma-chrome-launcher": "^0.2.2", - "karma-coverage": "^0.5.3", + "karma-coverage": "^2.0.2", "karma-firefox-launcher": "^0.1.6", "karma-mocha": "^0.2.1", "karma-source-map-support": "^1.1.0", "karma-spec-reporter": "^0.0.24", "lodash": "^4.3.0", - "mocha": "^2.2.5", - "mversion": "^1.10.1", + "mocha": "^6.2.3", + "mversion": "^2.0.1", "run-sequence": "^1.1.0", "sinon": "1.14.1", "sinon-chai": "2.8.0", "vinyl-buffer": "^1.0.0", "vinyl-source-stream": "^1.1.0", - "watchify": "^3.2.1" + "watchify": "^4.0.0" }, "browserify": { "transform": [ @@ -65,6 +65,12 @@ "scripts": { "start": "gulp serve", "test": "gulp test:ci", - "postinstall": "echo 'bower install...';bower install;echo 'FlexSDK install...'; ./flexSDK.sh" + "postinstall": "echo 'bower install...';bower install;echo 'FlexSDK install...'; ./flexSDK.sh", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true, + "dependencies": { + "@snyk/protect": "latest" } }