From 092dbfd81dae91d6fc4e56f21d10d6c01de8e646 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 28 Oct 2018 02:52:37 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:minimatch:20160620 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620 --- .snyk | 8 ++++++++ package.json | 16 ++++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..06637b3 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:minimatch:20160620': + - 6to5 > chokidar > readdirp > minimatch: + patched: '2018-10-28T02:52:36.052Z' diff --git a/package.json b/package.json index 08f721f..1603e9e 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,9 @@ "scripts": { "start": "node lib/server.js", "test": "HOST=0.0.0.0 node_modules/mocha/bin/_mocha --timeout 15000 test/{**,**/*}/*.test.js", - "gems": "sh bootstrap.sh" + "gems": "sh bootstrap.sh", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "author": "Remy Sharp", "license": "MIT", @@ -14,11 +16,11 @@ "6to5": "^3.0.10", "LiveScript": "^1.2.0", "axon": "~2.0.0", - "babel-core": "^5.8.23", + "babel-core": "^6.10.4", "body-parser": "~1.0.2", "coffee-script": "~1.7.1", - "express": "~4.1.1", - "gaze": "~0.6.4", + "express": "~4.15.5", + "gaze": "~1.1.0", "jade": "^1.11.0", "less": "^2.5.1", "lynx": "0.0.11", @@ -26,10 +28,12 @@ "myth": "^1.4.0", "ps-tree": "~0.0.3", "rsvp": "~3.0.1", - "stylus": "^0.51.1" + "stylus": "^0.54.3", + "snyk": "^1.105.0" }, "devDependencies": { "mocha": "~1.18.2", "should": "~4.0.4" - } + }, + "snyk": true }