From 3402398034390d8da69927c756911d0243aa8627 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sun, 16 Apr 2023 22:58:09 +0000
Subject: [PATCH] fix: packages/server/package.json & packages/server/.snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:uglify-js:20151024
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:tar:20151103
---
 packages/server/.snyk | 11 +++++++++++
 packages/server/package.json | 22 +++++++++++++---------
 2 files changed, 24 insertions(+), 9 deletions(-)
 create mode 100644 packages/server/.snyk
diff --git a/packages/server/.snyk b/packages/server/.snyk
new file mode 100644
index 000000000000..902ca584d30e
--- /dev/null
+++ b/packages/server/.snyk
@@ -0,0 +1,11 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:lodash:20180130':
+ - cli-table2 > lodash:
+ patched: '2023-04-16T22:58:04.928Z'
+ 'npm:tar:20151103':
+ - node-webkit-updater > tar.gz > tar:
+ patched: '2023-04-16T22:58:04.928Z'
diff --git a/packages/server/package.json b/packages/server/package.json
index 1eed841a88da..211ffa9949d2 100644
--- a/packages/server/package.json
+++ b/packages/server/package.json
@@ -22,7 +22,9 @@
 "test-debug": "NODE_ENV=test NODE_DEBUG=request CYPRESS_ENV=test BLUEBIRD_DEBUG=1 DEBUG=nock.*,-nock.common,socket.io:* node --inspect --debug-brk ./node_modules/.bin/_mocha --opts test/support/mocha.opts --watch",
 "codecov": "codecov",
 "coveralls": "cat ./coverage/lcov.info | coveralls",
- "lint": "bin-up coffeelint test/*.coffee test/unit/*.coffee test/integration/*.coffee"
+ "lint": "bin-up coffeelint test/*.coffee test/unit/*.coffee test/integration/*.coffee",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "files": [
 "config",
@@ -80,7 +82,7 @@
 "xvfb-maybe": "cypress-io/xvfb-maybe#c4a810c42d603949cd63b8cf245f6c239331d370"
 },
 "dependencies": {
- "@cypress/browserify-preprocessor": "1.1.0",
+ "@cypress/browserify-preprocessor": "2.1.1",
 "@cypress/commit-info": "2.0.0",
 "@cypress/icons": "0.5.4",
 "@cypress/mocha-teamcity-reporter": "^1.0.0",
@@ -91,7 +93,7 @@
 "chai": "^1.9.2",
 "chalk": "^2.4.1",
 "check-more-types": "^2.24.0",
- "chokidar": "1.6.0",
+ "chokidar": "2.0.0",
 "cjsxify": "^0.3.0",
 "clear-module": "^2.1.0",
 "cli-table2": "^0.2.0",
@@ -117,7 +119,7 @@
 "glob": "7.1.2",
 "graceful-fs": "^4.1.11",
 "gulp-util": "^3.0.6",
- "hbs": "4.0.0",
+ "hbs": "4.0.2",
 "http-accept": "^0.1.6",
 "http-proxy": "1.17.0",
 "http-status-codes": "^1.0.6",
@@ -129,14 +131,14 @@
 "konfig": "^0.2.0",
 "lazy-ass": "^1.6.0",
 "lockfile": "^1.0.3",
- "lodash": "4.17.4",
+ "lodash": "4.17.21",
 "log-symbols": "^2.2.0",
 "md5": "^2.2.1",
 "method-override": "^2.3.1",
 "mime": "1.2.11",
 "minimatch": "^3.0.0",
 "minimist": "^1.1.2",
- "mocha": "2.4.5",
+ "mocha": "4.0.0",
 "mocha-junit-reporter": "1.17.0",
 "moment": "^2.14.1",
 "morgan": "1.3.0",
@@ -158,7 +160,7 @@
 "return-deep-diff": "^0.2.9",
 "sanitize-filename": "^1.6.1",
 "semver": "^5.3.0",
- "send": "^0.14.1",
+ "send": "^0.15.6",
 "server-destroy": "1.0.1",
 "shell-env": "^0.3.0",
 "signal-exit": "^3.0.2",
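Review bot: In the scripts hunk (`@@ -22,7 +22,9 @@`), the patches declared in `packages/server/.snyk` only take effect when `snyk-protect` actually runs, and it is hooked to `prepublish`, a deprecated npm lifecycle event whose triggers differ between npm major versions. Whether the patched `lodash` and `tar` copies are in place after an install therefore depends on the npm version and on how this package gets installed, which the diff does not show. I would hook the documented replacement instead, `"prepare": "npm run snyk-protect"`, and confirm in the CI install log that the protect step ran. The `scripts` object starts outside the hunk.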
@@ -176,6 +178,8 @@
 "underscore.string": "3.3.4",
 "url-parse": "^1.1.7",
 "widest-line": "^2.0.0",
- "winston": "^0.9.0"
- }
+ "winston": "^0.9.0",
+ "@snyk/protect": "latest"
+ },
+ "snyk": true
 }
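Review bot: `"@snyk/protect": "latest"` adds an unpinned dist-tag to `dependencies`, while the neighbouring entries are exact versions or caret ranges. Its binary is run from a lifecycle script and is meant to modify installed packages, so every fresh resolve can fetch and execute whatever was most recently published under that name. I would pin it to an exact, reviewed release, `"@snyk/protect": "<exact reviewed version>"`, and update it deliberately like the other dependencies. The key is also appended after `winston` rather than placed in the alphabetical order the rest of the list appears to follow. The `dependencies` object starts outside the hunk.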