From 8fa2761c558e28e280b8e5ec234b77bb0b3b53e2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 5 Aug 2021 07:14:59 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-590103 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-MVERSION-572433 - https://snyk.io/vuln/SNYK-JS-MVERSION-573174 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 --- .snyk | 18 ++++++++++++++++++ package.json | 22 ++++++++++++++-------- 2 files changed, 32 insertions(+), 8 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..beebd38 --- /dev/null +++ b/.snyk @@ -0,0 +1,18 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.21.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - karma > socket.io > socket.io-adapter > socket.io-parser > debug: + patched: '2021-08-05T07:14:56.825Z' + 'npm:minimatch:20160620': + - gulp > vinyl-fs > glob-stream > minimatch: + patched: '2021-08-05T07:14:56.825Z' + - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch: + patched: '2021-08-05T07:14:56.825Z' + - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch: + patched: '2021-08-05T07:14:56.825Z' + 'npm:ms:20170412': + - karma > socket.io > socket.io-adapter > socket.io-parser > debug > ms: + patched: '2021-08-05T07:14:56.825Z' diff --git a/package.json b/package.json index 6994daf..b73270a 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,9 @@ "main": "js/VPAIDHTML5Client.js", "scripts": { "start": "gulp serve", - "test": "gulp test:ci" + "test": "gulp test:ci", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "repository": { "type": "git", @@ -29,28 +31,32 @@ "devDependencies": { "browser-sync": "^2.11.1", "browserify": "^13.0.0", - "browserify-istanbul": "^0.2.1", + "browserify-istanbul": "^2.0.0", "chai": "^3.0.0", - "gulp": "^3.9.0", + "gulp": "^4.0.0", "gulp-gh-pages": "^0.5.2", "gulp-sourcemaps": "^1.5.2", "gulp-util": "^3.0.5", - "karma": "^0.13.19", + "karma": "^6.0.0", "karma-browserify": "^5.0.1", "karma-chai-sinon": "^0.1.5", "karma-chrome-launcher": "^0.2.2", - "karma-coverage": "^0.5.3", + "karma-coverage": "^2.0.2", "karma-firefox-launcher": "^0.1.6", "karma-mocha": "^0.2.1", "karma-source-map-support": "^1.0.0", "karma-spec-reporter": "^0.0.23", "lodash": "^4.0.1", - "mocha": "^2.2.5", - "mversion": "^1.10.1", + "mocha": "^6.2.3", + "mversion": "^2.0.1", "sinon": "^1.14.1", "sinon-chai": "^2.8.0", "vinyl-buffer": "^1.0.0", "vinyl-source-stream": "^1.1.0", - "watchify": "^3.7.0" + "watchify": "^4.0.0" + }, + "snyk": true, + "dependencies": { + "@snyk/protect": "latest" } }