[Snyk] Security upgrade snyk from 1.434.3 to 1.685.0

.snyk

@@ -0,0 +1,25 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - express > finalhandler > debug:
+        patched: '2020-12-08T21:24:47.536Z'
+  'npm:extend:20180424':
+    - request > extend:
+        patched: '2020-12-08T21:24:47.536Z'
+  SNYK-JS-LODASH-567746:
+    - async > lodash:
+        patched: '2020-12-08T21:24:47.536Z'
+  'npm:moment:20170905':
+    - bunyan > moment:
+        patched: '2020-12-08T21:24:47.536Z'
+    - jsonwebtoken > joi > moment:
+        patched: '2020-12-08T21:24:47.536Z'
+  'npm:stringstream:20180511':
+    - request > stringstream:
+        patched: '2020-12-08T21:24:47.536Z'
+  'npm:tough-cookie:20170905':
+    - request > tough-cookie:
+        patched: '2020-12-08T21:24:47.536Z'

.whitesource

@@ -0,0 +1,12 @@
+{
+  "scanSettings": {
+    "baseBranches": []
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure",
+    "displayMode": "diff"
+  },
+  "issueSettings": {
+    "minSeverityLevel": "LOW"
+  }
+}

package.json

@@ -15,35 +15,36 @@
     "verdaccio": "./bin/verdaccio"
   },
   "dependencies": {
-    "@verdaccio/file-locking": "^0.0.3",
+    "@verdaccio/file-locking": "^1.0.0",
     "JSONStream": "^1.1.1",
     "apache-md5": "^1.1.2",
     "async": "^2.0.1",
-    "body-parser": "^1.15.0",
-    "bunyan": "^1.8.0",
+    "body-parser": "^1.19.2",
+    "bunyan": "^1.8.13",
     "chalk": "^2.0.1",
-    "commander": "^2.11.0",
-    "compression": "1.6.2",
+    "commander": "^2.20.3",
+    "compression": "1.7.1",
     "cookies": "^0.7.0",
     "cors": "^2.8.3",
-    "express": "4.15.3",
+    "express": "4.17.3",
     "global": "^4.3.2",
-    "handlebars": "4.0.5",
-    "http-errors": "^1.4.0",
+    "handlebars": "4.6.0",
+    "http-errors": "^1.8.0",
     "js-string-escape": "1.0.1",
-    "js-yaml": "^3.6.0",
-    "jsonwebtoken": "^7.4.1",
+    "js-yaml": "^3.14.0",
+    "jsonwebtoken": "^9.0.0",
     "lockfile": "^1.0.1",
-    "lodash": "4.17.4",
+    "lodash": "4.17.20",
     "lunr": "^0.7.0",
-    "marked": "0.3.6",
-    "mime": "^1.3.6",
+    "marked": "1.2.4",
+    "mime": "^1.4.1",
     "minimatch": "^3.0.2",
-    "mkdirp": "^0.5.1",
+    "mkdirp": "^0.5.2",
     "pkginfo": "^0.4.0",
-    "request": "^2.72.0",
-    "semver": "^5.1.0",
-    "unix-crypt-td-js": "^1.0.0"
+    "request": "^2.88.0",
+    "semver": "^5.7.1",
+    "unix-crypt-td-js": "^1.0.0",
+    "snyk": "^1.685.0"
   },
   "devDependencies": {
     "axios": "0.16.2",
@@ -116,7 +117,7 @@
     "server"
   ],
   "scripts": {
-    "prepublish": "in-publish && npm run build:webui || not-in-publish",
+    "prepublish": "yarn run snyk-protect && in-publish && npm run build:webui || not-in-publish",
     "test": "mocha ./test/functional ./test/unit --reporter=spec --full-trace",
     "pre:ci": "npm run build:webui",
     "test:ci": "npm run test:coverage",
@@ -130,7 +131,8 @@
     "dev:webui": "babel-node tools/dev.server.js",
     "build:webui": "npm run pre:webpack && webpack --config tools/webpack.prod.config.babel.js",
     "build:docker": "docker build -t verdaccio . --no-cache",
-    "build:docker:rpi": "docker build -f Dockerfile.rpi -t verdaccio:rpi ."
+    "build:docker:rpi": "docker build -f Dockerfile.rpi -t verdaccio:rpi .",
+    "snyk-protect": "snyk protect"
   },
   "jest": {
     "snapshotSerializers": [
@@ -145,5 +147,6 @@
   "publishConfig": {
     "registry": "https://registry.npmjs.org/"
   },
-  "license": "WTFPL"
+  "license": "WTFPL",
+  "snyk": true
 }