From d2bd92e3a15fbf7fe4a8e903ae8b994a42f53a6c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 May 2020 05:27:18 +0100
Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 package.json | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index 1be7c42b..29af7c39 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,9 @@
 "pretest": "touch client/css/app.css && echo \"module.exports={}\" >> client/js/templates.js",
 "test": "./node_modules/.bin/lab server/test -l -m 4000 --verbose",
 "test-cov": "lab server/test -c",
- "lint": "standard | snazzy"
+ "lint": "standard | snazzy",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "standard": {
 "ignore": [
@@ -81,7 +83,7 @@
 "hoek": "^2.9.0",
 "icalendar": "^0.7.1",
 "joi": "^4.9.0",
- "jquery": "^2.1.1",
+ "jquery": "^3.5.0",
 "lout": "^5.1.2",
 "mailcomposer": "~0.2.12",
 "mailgun-js": "git+https://github.com/sinfo/mailgun-js.git",
@@ -98,7 +100,8 @@
 "socket.io-client": "^1.2.0",
 "stylizer": "^1.2.0",
 "templatizer": "^1.5.2",
- "underscore": "^1.6.0"
+ "underscore": "^1.6.0",
+ "snyk": "^1.316.1"
 },
 "devDependencies": {
 "bunyan": "~1.2.1",
@@ -109,5 +112,6 @@
 "pre-commit": "^1.1.3",
 "snazzy": "^4.0.0",
 "standard": "^7.1.2"
- }
+ },
+ "snyk": true
 }
From 820b01ffde2eef7f30821718b6c392de26796765 Mon Sep 17 00:00:00 2001
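Review bot: The `prepublish` hook added in the `@@ -9,7 +9,9 @@` hunk of package.json is the only thing that applies the lodash patch, and it is a weak trigger: npm has deprecated `prepublish`, its install-time behaviour differs between npm versions, and an install run with `--ignore-scripts` skips it without an error, leaving lodash unpatched. I would use `"prepare": "npm run snyk-protect"` and add a CI step that runs `snyk test`, so that a skipped patch is detected rather than assumed. The `scripts` object opens above this hunk, so other hooks may exist that are not visible here.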
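Review bot: `"snyk": "^1.316.1"` in the `@@ -98,7 +100,8 @@` hunk adds a CLI that executes during install to the runtime `dependencies` under a caret range, so a fresh install can pull and run a newer 1.x release that nobody has reviewed. Later releases of the 1.x CLI dropped the `protect` command in favour of the separate `@snyk/protect` package, so a floating range can also make `npm run snyk-protect` stop working. Pin it, `"snyk": "1.316.1"`, or commit a lockfile alongside this change. The `dependencies` block starts outside the hunk, and no lockfile is part of this patch.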
From: snyk-bot
Date: Fri, 1 May 2020 05:27:19 +0100
Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..c4821fc5
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,24 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - mailgun-js > async > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-array-checkbox-view > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-array-input-view > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-fullcalendar-view > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-input-view > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-pikaday-view > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-infinite-scroll > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
+ - ampersand-array-input-view > ampersand-input-view > ampersand-view > ampersand-dom-bindings > lodash:
+ patched: '2020-05-01T04:27:16.431Z'
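Review bot: The `patch:` section of the new `.snyk` file covers only the nine dependency paths it lists, so a lodash copy reached through any other path stays unpatched, and the list goes stale as soon as the dependency tree changes. One of the paths, `mailgun-js > async > lodash`, hangs off the `mailgun-js` dependency that package.json takes from a git URL with no commit pinned (visible as context in the first patch), so the lodash version behind that path can differ between installs. I would add a header comment such as `# Regenerate after any dependency change; verify with "snyk test" in CI` and pin the git dependency to a specific commit.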