From 175d132a1ea6fe506ecfd0be365316fa14f1a727 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 15 Apr 2019 08:48:18 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 - https://snyk.io/vuln/SNYK-JS-MPATH-72672 - https://snyk.io/vuln/npm:bson:20180225 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:moment:20170905 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:ws:20160920 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412
---
 .snyk | 19 +++++++++++++++++++ package.json | 51 ++++++++++++++++++++++++--------------------------- 2 files changed, 43 insertions(+), 27 deletions(-) create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..0c5d9ec
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,19 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.3
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - feathers-socketio > socket.io > socket.io-adapter > socket.io-parser > debug:
+ patched: '2019-04-15T08:48:16.049Z'
+ 'npm:hoek:20180212':
+ - feathers-authentication-jwt > passport-jwt > jsonwebtoken > joi > hoek:
+ patched: '2019-04-15T08:48:16.049Z'
+ - feathers-authentication-jwt > passport-jwt > jsonwebtoken > joi > topo > hoek:
+ patched: '2019-04-15T08:48:16.049Z'
+ 'npm:lodash:20180130':
+ - mobx-react-matchmedia > match-media-mock > lodash:
+ patched: '2019-04-15T08:48:16.049Z'
+ 'npm:ms:20170412':
+ - feathers-socketio > socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2019-04-15T08:48:16.049Z'
diff --git a/package.json b/package.json
index 187020c..a23940d 100644
--- a/package.json
+++ b/package.json
@@ -3,8 +3,7 @@
 "version": "0.8.0-alpha.8",
 "license": "MIT",
 "description": "RFX Stack - Universal App featuring: React + Feathers + MobX",
- "author":
- "Claudio Savino (https://twitter.com/foxhound87)",
+ "author": "Claudio Savino (https://twitter.com/foxhound87)",
 "repository": {
 "type": "git",
 "url": "git://github.com/foxhound87/rfx-stack.git"
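Review bot: In the new `.snyk` file, the `hoek` and `lodash` entries under `patch:` sit behind parents (`feathers-authentication-jwt`, `mobx-react-matchmedia`) that this commit leaves at their existing versions in package.json. Those two advisories are therefore mitigated only where `snyk protect` has actually rewritten node_modules, never at the manifest level. The file gives the next maintainer no hint of that, so I would add a comment above `patch:` such as `# applied by "snyk protect" after install; drop an entry once its parent package pulls a fixed version`. A `snyk test` run in CI after install is the usual way to confirm the installed tree matches what this policy claims.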
@@ -16,28 +15,24 @@
 "build:client:web": "cross-env NODE_ENV=production webpack",
 "build:server:web": "cross-env NODE_ENV=production webpack",
 "build:server:api": "cross-env NODE_ENV=production webpack",
- "web:dev":
- "cross-env NODE_ENV=development webpack --watch ./run/start.web.js",
- "web:prod":
- "cross-env NODE_ENV=production node ./run/build/start.web.bundle.js",
+ "web:dev": "cross-env NODE_ENV=development webpack --watch ./run/start.web.js",
+ "web:prod": "cross-env NODE_ENV=production node ./run/build/start.web.bundle.js",
 "api:dev": "cross-env NODE_ENV=development nodemon ./run/start.api.js",
- "api:debug":
- "cross-env NODE_ENV=development nodemon --inspect ./run/start.api.js",
- "api:debug-brk":
- "cross-env NODE_ENV=development nodemon --inspect --inspect-brk ./run/start.api.js",
-
- "api:prod":
- "cross-env NODE_ENV=production node ./run/build/start.api.bundle.js",
+ "api:debug": "cross-env NODE_ENV=development nodemon --inspect ./run/start.api.js",
+ "api:debug-brk": "cross-env NODE_ENV=development nodemon --inspect --inspect-brk ./run/start.api.js",
+ "api:prod": "cross-env NODE_ENV=production node ./run/build/start.api.bundle.js",
 "seed:dev": "cross-env NODE_ENV=development node ./run/start.seeder.js",
- "seed:prod": "cross-env NODE_ENV=production node ./run/start.seeder.js"
+ "seed:prod": "cross-env NODE_ENV=production node ./run/start.seeder.js",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "dependencies": {
 "animate.css": "3.5.2",
 "autoprefixer": "6.5.3",
 "babel-register": "6.18.0",
- "body-parser": "1.15.2",
+ "body-parser": "1.18.2",
 "classnames": "2.2.5",
- "compression": "1.6.2",
+ "compression": "1.7.1",
 "cookie-parser": "1.4.3",
 "cors": "2.8.1",
 "cross-env": "3.1.3",
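Review bot: The added `"prepublish": "npm run snyk-protect"` line is the only trigger for the patch step, and `prepublish` is a deprecated npm lifecycle hook whose firing conditions have changed between npm versions; `prepare` is its replacement, so I would write `"prepare": "npm run snyk-protect"`. Either hook is skipped when an install runs with `--ignore-scripts`, which leaves the packages listed under `patch:` in `.snyk` unpatched on disk with no error. A build or CI step that fails when the patches are missing would close that gap. The `scripts` object opens above this hunk, so any lifecycle entries already defined there are not visible from here.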
@@ -46,7 +41,7 @@
 "ejs": "2.5.5",
 "faker": "3.1.0",
 "feathers": "2.0.3",
- "feathers-authentication": "1.0.2",
+ "feathers-authentication": "1.3.0",
 "feathers-authentication-client": "0.1.6",
 "feathers-authentication-jwt": "0.3.1",
 "feathers-authentication-local": "0.3.2",
@@ -58,15 +53,15 @@
 "feathers-mongoose": "3.6.1",
 "feathers-permissions": "0.1.1",
 "feathers-rest": "1.6.0",
- "feathers-socketio": "1.4.2",
+ "feathers-socketio": "2.0.0",
 "font-awesome": "4.7.0",
 "getenv": "0.7.0",
- "globule": "1.1.0",
+ "globule": "1.2.0",
 "isdev": "1.0.1",
 "isomorphic-fetch": "2.2.1",
 "js-cookie": "2.1.3",
 "jwt-decode": "2.1.0",
- "lodash": "4.17.2",
+ "lodash": "4.17.11",
 "material-ui": "0.16.4",
 "mobx": "^3.0.2",
 "mobx-react": "^4.1.0",
@@ -74,9 +69,9 @@
 "mobx-react-form": "^1.30.0",
 "mobx-react-form-devtools": "^1.6.0",
 "mobx-react-matchmedia": "^1.3.1",
- "moment": "2.17.1",
- "mongoose": "4.7.1",
- "morgan": "1.7.0",
+ "moment": "2.19.3",
+ "mongoose": "4.13.17",
+ "morgan": "1.9.1",
 "normalize.css": "5.0.0",
 "react": "15.4.2",
 "react-dom": "15.4.2",
@@ -89,12 +84,13 @@
 "react-tap-event-plugin": "2.0.1",
 "react-timeago": "3.1.3",
 "rfx-core": "^1.5.3",
- "serve-static": "1.11.1",
- "socket.io-client": "1.7.2",
+ "serve-static": "1.13.0",
+ "socket.io-client": "2.0.2",
 "tachyons": "4.6.1",
 "uuid": "3.0.1",
 "validatorjs": "3.11.0",
- "winston": "2.3.0"
+ "winston": "2.3.0",
+ "snyk": "^1.150.0"
 },
 "peerDependencies": {
 "react": "15.4.2",
@@ -151,5 +147,6 @@
 "webpack-merge": "2.3.1",
 "webpack-node-externals": "1.5.4",
 "whatwg-fetch": "2.0.1"
- }
+ },
+ "snyk": true
 }
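Review bot: In the `@@ -89,12 +84,13 @@` hunk, `"snyk": "^1.150.0"` enters `dependencies` on a caret range, while most of the neighbouring entries are pinned to exact versions. This package is run from a lifecycle script and modifies files under node_modules, so a floating range lets a later release execute during install without any reviewed change to this file. I would pin it, `"snyk": "1.150.0"`, and bump it deliberately. No lockfile is part of this patch, so whether the resolved version is fixed elsewhere cannot be seen from here.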