Skip to content
This repository has been archived by the owner on May 22, 2024. It is now read-only.

Snyk Fixup Patch #177

Closed
wants to merge 76 commits into from
Closed

Snyk Fixup Patch #177

wants to merge 76 commits into from

Conversation

brcaswell
Copy link
Contributor

  • Adds snyk file
  • Adds snyk package and scripts
    • In respect to Static\Dynamic Application Security Testing (SAST \ DAST), adds automated, continuous integration security support
  • npm package version bumping (as determined by synk bot and dependabot)

Includes the following PR's and their respective branches:
#109 #112 #113 #114 #115 #116 #117 #118 #120 #121 #123 #126 #128 #130 #134 #135 #136 #138 #139 #146 #148 #149 #150 #151 #152 #153 #154 #155 #158 #160 #161 #162 #165 #166 #168 #172

resolves #176

snyk-bot and others added 30 commits January 19, 2018 23:06
fix: package.json to reduce vulnerabilities
10455af 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:bootstrap:20160627

Latest report for cblanc/sws_gathers:
https://snyk.io/test/github/cblanc/sws_gathers
@snyk-bot
fix: package.json to reduce vulnerabilities
e493811 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:bson:20180225

Latest report for cblanc/sws_gathers:
https://snyk.io/test/github/cblanc/sws_gathers
@snyk-bot
fix: package.json to reduce vulnerabilities
690959f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:https-proxy-agent:20180402

Latest report for cblanc/sws_gathers:
https://snyk.io/test/github/cblanc/sws_gathers
@snyk-bot
fix: package.json to reduce vulnerabilities
7790691 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:mime:20170907
@snyk-bot
fix: package.json to reduce vulnerabilities
c386cb5 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:cryptiles:20180710
@snyk-bot
fix: package.json to reduce vulnerabilities
283e3e1 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ms:20170412
@snyk-bot
fix: package.json to reduce vulnerabilities
1c644a0 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:react-dom:20180802
@snyk-bot
fix: package.json to reduce vulnerabilities
edcaca6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:braces:20180219
@snyk-bot
fix: package.json to reduce vulnerabilities
195900c 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MORGAN-72579
@snyk-bot
fix: package.json to reduce vulnerabilities
a3b43ca 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:bootstrap:20160627
- https://snyk.io/vuln/npm:concat-stream:20160901
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:ms:20170412
@snyk-bot
fix: package.json to reduce vulnerabilities
8cfbb38 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MPATH-72672
@snyk-bot
fix: package.json to reduce vulnerabilities
e4440b9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:extend:20180424
@snyk-bot
fix: package.json to reduce vulnerabilities
fe48831 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
@snyk-bot
fix: package.json to reduce vulnerabilities
bda6a28 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:bootstrap:20180529
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
00d97a8 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:bootstrap:20180529
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
b2911dd 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
15ccaf3 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
0f72089 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
f0525a7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
fix: .snyk, package.json & package-lock.json to reduce vulnerabilities
9fdd9db 
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
2d03b39 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
2f6acf9 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
d79e416 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
d504359 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
5fc20c6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
468e93e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
5901ec6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:clean-css:20180306
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
ef3eb18 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-KINDOF-537849
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
baaa423 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
0414935 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-ch1428' into sny…
901d1a6 
…k-fixup

* parent-cblanc/snyk-fix-ch1428:
  fix: package.json to reduce vulnerabilities

# Conflicts:
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-atk16s' into sny…
b77232f 
…k-fixup

* parent-cblanc/snyk-fix-atk16s:
  fix: package.json to reduce vulnerabilities

# Conflicts:
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-domvsp' into sny…
2f2c30d 
…k-fixup

* parent-cblanc/snyk-fix-domvsp:
  fix: package.json to reduce vulnerabilities

# Conflicts:
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-i7ttxq' into sny…
83a8582 
…k-fixup

* parent-cblanc/snyk-fix-i7ttxq:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-87u42u' into sny…
589d73f 
…k-fixup

* parent-cblanc/snyk-fix-87u42u:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-9uw8hg' into sny…
61d70b9 
…k-fixup

* parent-cblanc/snyk-fix-9uw8hg:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-2r55vp' into sny…
a53c2ba 
…k-fixup

* parent-cblanc/snyk-fix-2r55vp:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-tych60' into sny…
e59826e 
…k-fixup

* parent-cblanc/snyk-fix-tych60:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-ab91c8bc377a3ac3…
5ae6b4c 
…b9e7f4f5144e47e4' into snyk-fixup

* parent-cblanc/snyk-fix-ab91c8bc377a3ac3b9e7f4f5144e47e4:
  fix: .snyk, package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-91876af1f3d60f63…
056b9ee 
…dddf9330f2fe1387' into snyk-fixup

* parent-cblanc/snyk-fix-91876af1f3d60f63dddf9330f2fe1387:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-9868b5023fccf1b1…
e00c88a 
…fd58a9f87472fa7a' into snyk-fixup

* parent-cblanc/snyk-fix-9868b5023fccf1b1fd58a9f87472fa7a:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-8117a99069343347…
f61b44c 
…ed545a2481362a51' into snyk-fixup

* parent-cblanc/snyk-fix-8117a99069343347ed545a2481362a51:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-e71f02e2f9c9b5f8…
0ded365 
…cb6bbc48d8140cec' into snyk-fixup

* parent-cblanc/snyk-fix-e71f02e2f9c9b5f8cb6bbc48d8140cec:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-fea34438536bc31b…
d09f7f9 
…ab03e814ad41de0a' into snyk-fixup

* parent-cblanc/snyk-fix-fea34438536bc31bab03e814ad41de0a:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-a3399170c88de66e…
3e0d00e 
…58d813564c8f5ab4' into snyk-fixup

* parent-cblanc/snyk-fix-a3399170c88de66e58d813564c8f5ab4:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-4cc2e86fd0ebd494…
468a652 
…a659b37ac268fc99' into snyk-fixup

* parent-cblanc/snyk-fix-4cc2e86fd0ebd494a659b37ac268fc99:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-9715381c80c3d45c…
376fbf9 
…e55a4ffeb5f0ec86' into snyk-fixup

* parent-cblanc/snyk-fix-9715381c80c3d45ce55a4ffeb5f0ec86:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-db73b282c019961c…
774807e 
…5cdeb5ea9096f903' into snyk-fixup

* parent-cblanc/snyk-fix-db73b282c019961c5cdeb5ea9096f903:
  fix: package.json & package-lock.json to reduce vulnerabilities
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-43e620bb59ec3fa3…
4481567 
…5f2e93c9ddb0ebf5' into snyk-fixup

* parent-cblanc/snyk-fix-43e620bb59ec3fa35f2e93c9ddb0ebf5:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-28b961f8206cab11…
2cd16fb 
…afe374f674305e06' into snyk-fixup

* parent-cblanc/snyk-fix-28b961f8206cab11afe374f674305e06:
  fix: package.json & package-lock.json to reduce vulnerabilities
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-794739e93ca265ea…
3633d06 
…3d7f45b63934f550' into snyk-fixup

* parent-cblanc/snyk-fix-794739e93ca265ea3d7f45b63934f550:
  fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
  fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
  fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

# Conflicts:
#	.snyk
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/dependabot/npm_and_yarn/l…
4825cbf 
…odash-4.17.19' into snyk-fixup

* parent-cblanc/dependabot/npm_and_yarn/lodash-4.17.19:
  Bump lodash from 4.17.16 to 4.17.19

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-34120c701229b4f1…
912df0e 
…999b5758c8ddb76b' into snyk-fixup

* parent-cblanc/snyk-fix-34120c701229b4f1999b5758c8ddb76b:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/dependabot/npm_and_yarn/e…
c9abaa0 
…lliptic-6.5.3' into snyk-fixup

* parent-cblanc/dependabot/npm_and_yarn/elliptic-6.5.3:
  Bump elliptic from 6.4.1 to 6.5.3

# Conflicts:
#	package-lock.json
@brcaswell
Merge remote-tracking branch 'parent-cblanc/snyk-fix-710cdf36165851b0…
30979b8 
…ede4f55ce9ae5d18' into snyk-fixup

* parent-cblanc/snyk-fix-710cdf36165851b0ede4f55ce9ae5d18:
  fix: package.json & package-lock.json to reduce vulnerabilities

# Conflicts:
#	package-lock.json
#	package.json
@brcaswell
rebuild package-lock to successfully perform npm ci
d25099e
@brcaswell
Copy link
Contributor Author

brcaswell commented Aug 24, 2020
edited
Loading

Here's some additional info for some of these changes the bot looks to be introducing.
snyk package info: https://www.npmjs.com/package/snyk
.snyk file doc: https://support.snyk.io/hc/en-us/articles/360007487097-The-snyk-file

Also, A squash merge may be a good consideration here. And we may want to consider creating a temporary staging\candidate branch in this repo to facilitate this sort of PR and stale branch\PR fixup effort.

brcaswell
brcaswell commented Aug 28, 2020
View reviewed changes
Copy link
Contributor Author

@brcaswell brcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As noted by the automated PR's, some of these updates have the potential to cause breaking changes. Thorough testing is going to be required before acceptance.

package.json Show resolved Hide resolved
@Absurdon
Copy link
Collaborator

I based of of this pr to do the dockerization. Multiple Changes were needed as React.createClass has been removed

@Absurdon Absurdon closed this Oct 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create Fixup branch for stale and active Synk branches
3 participants
@brcaswell @Absurdon @snyk-bot