fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HELMETCSP-469436 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
icebob · Oct 3, 2019 · b31e8a7 · b31e8a7
1 parent 2310854
commit b31e8a7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.12.0
+version: v1.13.5
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -69,3 +69,12 @@ patch:
         patched: '2018-06-21T02:58:21.837Z'
     - node-sass > node-gyp > request > hawk > cryptiles > boom > hoek:
         patched: '2018-06-21T02:58:21.837Z'
+  SNYK-JS-HTTPSPROXYAGENT-469131:
+    - snyk > proxy-agent > https-proxy-agent:
+        patched: '2019-10-03T22:41:48.298Z'
+    - snyk > proxy-agent > pac-proxy-agent > https-proxy-agent:
+        patched: '2019-10-03T22:41:48.298Z'
+    - nodemailer-mailgun-transport > mailgun-js > proxy-agent > https-proxy-agent:
+        patched: '2019-10-03T22:41:48.298Z'
+    - nodemailer-mailgun-transport > mailgun-js > proxy-agent > pac-proxy-agent > https-proxy-agent:
+        patched: '2019-10-03T22:41:48.298Z'
diff --git a/package.json b/package.json
@@ -70,7 +70,7 @@
     "graphql-subscriptions": "0.5.8",
     "graphql-tools": "3.1.1",
     "hashids": "1.1.4",
-    "helmet": "3.13.0",
+    "helmet": "3.21.1",
     "helmet-crossdomain": "0.3.0",
     "i18next": "11.6.0",
     "i18next-express-middleware": "1.3.2",
@@ -103,7 +103,7 @@
     "require-webpack-compat": "3.0.0",
     "serve-favicon": "2.5.0",
     "slug": "0.9.2",
-    "snyk": "1.94.0",
+    "snyk": "^1.230.5",
     "socket.io": "2.1.1",
     "socket.io-client": "2.1.1",
     "uuid-token-generator": "1.0.0",