From 8878f8215e1938ae7de2387cf18cb1591dc1dc1f Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Tue, 8 Dec 2020 21:34:42 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MONGODB-473855 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486 - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 - https://snyk.io/vuln/npm:base64-url:20180512 - https://snyk.io/vuln/npm:concat-stream:20160901 - https://snyk.io/vuln/npm:crypto-browserify:20140722 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:deep-extend:20180409 - https://snyk.io/vuln/npm:ejs:20161128 - https://snyk.io/vuln/npm:ejs:20161130 - https://snyk.io/vuln/npm:ejs:20161130-1 - https://snyk.io/vuln/npm:engine.io-client:20160426 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:node-forge:20180226 - https://snyk.io/vuln/npm:qs:20140806 - https://snyk.io/vuln/npm:qs:20140806-1 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:shell-quote:20160621 - https://snyk.io/vuln/npm:syntax-error:20140715 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:uglify-js:20150824 - https://snyk.io/vuln/npm:uglify-js:20151024 - https://snyk.io/vuln/npm:validator:20130705-1 - https://snyk.io/vuln/npm:validator:20130705-2 - https://snyk.io/vuln/npm:ws:20160104 - https://snyk.io/vuln/npm:ws:20160624 - https://snyk.io/vuln/npm:ws:20160920 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:uglify-js:20151024 --- .snyk | 17 +++++++++ package.json | 
103 ++++++++++++++++++++++++++------------------------- 2 files changed, 70 insertions(+), 50 deletions(-) create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..d22e178
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,17 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - socket.io > socket.io-adapter > socket.io-parser > debug:
+ patched: '2020-12-08T21:34:36.662Z'
+ 'npm:lodash:20180130':
+ - email-templates > juice > web-resource-inliner > lodash:
+ patched: '2020-12-08T21:34:36.662Z'
+ 'npm:ms:20170412':
+ - socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2020-12-08T21:34:36.662Z'
+ 'npm:uglify-js:20151024':
+ - node-xmpp > browserify > umd > ruglify > uglify-js:
+ patched: '2020-12-08T21:34:36.662Z'
diff --git a/package.json b/package.json
index 9ff08e2..15412c6 100644
--- a/package.json
+++ b/package.json
@@ -1,52 +1,55 @@
 {
- "name": "openhabcloud",
- "description": "openHAB cloud service main package",
- "version": "0.0.2",
- "private": true,
- "scripts": {
- "start": "node app.js"
- },
- "dependencies": {
- "express": "3.21.0",
- "ejs": "0.8.4",
- "less-middleware": "0.1.11",
- "socket.io": "1.7.4",
- "socket.io-client": "1.1.0",
- "request": "2.88.2",
- "mongoose": "4.4.8",
- "mongoose-types": "1.0.3",
- "passport": "0.1.18",
- "passport-local": "1.0.0",
- "bcrypt": "5.0.0",
- "connect-mongodb": "1.1.5",
- "redis": "2.6.2",
- "hiredis": "0.4",
- "ejs-locals": "1.0.2",
- "express-form": "0.8.x",
- "connect-flash": "0.1.1",
- "chokidar": "0.6.2",
- "uuid": "1.4.1",
- "node-gcm": "1.0.0",
- "winston": "0.7.2",
- "nodemailer": "6.4.16",
- "connect-redis": "3.1.0",
- "email-templates": "2.4.1",
- "moment": "2.29.1",
- "timezone": "0.0.23",
- "time": "0.11.3",
- "node-xmpp": "0.8.0",
- "cron": "1.8.2",
- "apn": "1.7.6",
- "oauth2orize": "1.0.1",
- "passport-http": "0.2.2",
- "passport-oauth2-client-password": "0.1.2",
- "passport-http-bearer": "1.0.1",
- "socket.io-redis": "0.1.4",
- "memwatch": "0.2.2",
- "heapdump": "0.3.7",
- "socket.io-redis": "1.0.0",
- "mongoose-cache": "0.1.4",
- "ratelimiter":"2.1.3",
- "express-session":"1.14.1"
- }
+ "name": "openhabcloud",
+ "description": "openHAB cloud service main package",
+ "version": "0.0.2",
+ "private": true,
+ "scripts": {
+ "start": "node app.js",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
+ },
+ "dependencies": {
+ "express": "4.16.0",
+ "ejs": "2.5.5",
+ "less-middleware": "0.1.11",
+ "socket.io": "2.0.2",
+ "socket.io-client": "1.7.4",
+ "request": "2.88.2",
+ "mongoose": "5.4.10",
+ "mongoose-types": "1.0.3",
+ "passport": "0.1.18",
+ "passport-local": "1.0.0",
+ "bcrypt": "5.0.0",
+ "connect-mongodb": "1.1.5",
+ "redis": "2.6.2",
+ "hiredis": "0.4",
+ "ejs-locals": "1.0.2",
+ "express-form": "0.12.4",
+ "connect-flash": "0.1.1",
+ "chokidar": "0.6.2",
+ "uuid": "1.4.1",
+ "node-gcm": "1.0.0",
+ "winston": "0.8.0",
+ "nodemailer": "6.4.16",
+ "connect-redis": "3.1.0",
+ "email-templates": "2.6.0",
+ "moment": "2.29.1",
+ "timezone": "0.0.23",
+ "time": "0.11.3",
+ "node-xmpp": "1.0.3",
+ "cron": "1.0.3",
+ "apn": "2.1.5",
+ "oauth2orize": "1.0.1",
+ "passport-http": "0.2.2",
+ "passport-oauth2-client-password": "0.1.2",
+ "passport-http-bearer": "1.0.1",
+ "socket.io-redis": "5.1.0",
+ "memwatch": "0.2.2",
+ "heapdump": "0.3.7",
+ "mongoose-cache": "0.1.4",
+ "ratelimiter": "2.1.3",
+ "express-session": "1.15.6",
+ "snyk": "^1.434.3"
+ },
+ "snyk": true
 }
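Review bot: Several of the new pins cross a major version (`express` 3.21.0 to 4.16.0, `mongoose` 4.4.8 to 5.4.10, `socket.io` 1.7.4 to 2.0.2, `apn` 1.7.6 to 2.1.5, `node-xmpp` 0.8.0 to 1.0.3) while the diffstat shows only `.snyk` and `package.json` changing, so the application code calling these APIs is untouched and the upgrade needs a test pass before merge rather than being accepted as a drop-in fix. `socket.io-client` stays on 1.7.4 against a 2.x server; the two are normally kept on the same major line, so this pairing should be checked. `cron` moves backwards from 1.8.2 to 1.0.3, which looks unintended; I would keep `"cron": "1.8.2",`. The scanner is also added to runtime `dependencies` as `"snyk": "^1.434.3"`, a caret range in a list that is otherwise almost entirely exact pins, and `prepublish` uses it to patch files under `node_modules`; pinning it exactly (`"snyk": "1.434.3"`) keeps that install-time step reproducible.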