Merge pull request #2 from l1kw1d/snyk-fix-b7f4f386019a8c9ab61b22ec36…

…659825 [Snyk] Fix for 18 vulnerabilities
l1kw1d · Jan 14, 2020 · 97d2af6 · 97d2af6
2 parents a389ce1 + 3adde49
commit 97d2af6
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 9 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,90 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - big > resource-mesh > resource-http > express > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > send > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > express-session > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > finalhandler > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > compression > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-index > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > body-parser > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > connect-timeout > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > morgan > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-static > send > debug:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:http-signature:20150122':
+    - resource-email > sendgrid > request > http-signature:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:mime:20170907':
+    - big > resource-mesh > resource-http > express > send > mime:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-static > send > mime:
+        patched: '2020-01-14T15:14:21.487Z'
+    - resource-email > sendgrid > request > mime:
+        patched: '2020-01-14T15:14:21.487Z'
+    - resource-email > sendgrid > request > form-data > mime:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:ms:20170412':
+    - big > resource-mesh > resource-http > express > send > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > send > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > connect-timeout > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > morgan > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-index > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > compression > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > body-parser > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > connect-timeout > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > express-session > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > finalhandler > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-static > send > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-static > send > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-favicon > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:ms:20151024':
+    - big > resource-mesh > engine.io > debug > ms:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:negotiator:20160616':
+    - big > resource-mesh > resource-http > express > connect > compression > accepts > negotiator:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > resource-http > express > connect > serve-index > accepts > negotiator:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:qs:20140806-1':
+    - resource-email > sendgrid > request > qs:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:request:20160119':
+    - resource-email > sendgrid > request:
+        patched: '2020-01-14T15:14:21.487Z'
+  'npm:ws:20160920':
+    - big > resource-mesh > engine.io > ws:
+        patched: '2020-01-14T15:14:21.487Z'
+    - big > resource-mesh > engine.io-client > ws:
+        patched: '2020-01-14T15:14:21.487Z'
diff --git a/package.json b/package.json
@@ -29,12 +29,12 @@
     "big": "^0.5.0",
     "body-parser": "^1.9.2",
     "busboy": "^0.2.9",
-    "cheerio": "^0.17.0",
+    "cheerio": "^0.20.0",
     "chroot": "^1.0.2",
     "coffee-script": "^1.10.0",
     "colors": "^1.0.3",
     "cron-parser": "^0.4.5",
-    "datauri": "^0.5.5",
+    "datauri": "^1.1.0",
     "dateformat": "^1.0.8",
     "debug": "^2.1.0",
     "github": "^0.2.2",
@@ -56,7 +56,7 @@
     "mschema": "https://github.com/mschema/mschema/tarball/master",
     "mschema-forms": "https://github.com/mschema/mschema-forms/tarball/master",
     "mschema-rpc": "https://github.com/mschema/mschema-rpc/tarball/master",
-    "mustache": "^0.8.2",
+    "mustache": "^2.2.1",
     "nano": "^6.1.5",
     "node-slug": "0.0.2",
     "node-uuid": "^1.4.3",
@@ -77,15 +77,16 @@
     "rss": "^1.1.1",
     "run-remote-service": "https://github.com/bigcompany/run-remote-service/tarball/master",
     "run-service": "https://github.com/bigcompany/run-service/tarball/master",
-    "slug": "^0.8.0",
+    "slug": "^0.9.2",
     "stream-buffers": "^1.1.0",
-    "stripe": "^3.3.4",
+    "stripe": "^4.15.1",
     "through2": "^0.6.3",
-    "tree-kill": "^0.1.1",
+    "tree-kill": "^1.2.2",
     "trycatch": "^1.5.20",
     "view": "https://github.com/bigcompany/view/tarball/master",
     "websocket-stream": "^3.1.0",
-    "ws": "^1.0.1"
+    "ws": "^1.0.1",
+    "snyk": "^1.278.1"
   },
   "devDependencies": {
     "babel-preset-es2015": "^6.5.0",
@@ -94,8 +95,11 @@
   },
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
-    "start": "sh scripts/start.sh"
+    "start": "sh scripts/start.sh",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "author": "Marak",
-  "license": "AGPL"
+  "license": "AGPL",
+  "snyk": true
 }