From 44b0700da89495f04807c346d891cb608cc6f5c5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 26 Jun 2018 08:14:37 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:mime:20170907 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:mime:20170907 --- .snyk | 8 ++++++++ package.json | 12 ++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..153f090 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:mime:20170907': + - express > accepts > mime: + patched: '2018-06-26T08:14:36.242Z' diff --git a/package.json b/package.json index e98ec12..fadf098 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ "cookie-parser": "~1.0.1", "ejs": "~0.8.4", "errorhandler": "~1.0.0", - "express": "~4.0.0", + "express": "~4.16.0", "express-jwt": "^0.1.3", "express-session": "~1.0.2", "jsonwebtoken": "^0.3.0", @@ -21,7 +21,8 @@ "passport": "~0.2.0", "passport-local": "~0.1.6", "request": "^2.45.0", - "serve-favicon": "~2.0.1" + "serve-favicon": "~2.0.1", + "snyk": "^1.85.0" }, "devDependencies": { "grunt": "~0.4.4", @@ -83,7 +84,10 @@ "scripts": { "start": "node server/app.js", "test": "grunt test", - "update-webdriver": "node node_modules/grunt-protractor-runner/node_modules/protractor/bin/webdriver-manager update" + "update-webdriver": "node node_modules/grunt-protractor-runner/node_modules/protractor/bin/webdriver-manager update", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, - "private": true + "private": true, + "snyk": true }