From e771b829a06ed15fd381c3bbc2e309d736055414 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Tue, 3 Oct 2017 03:00:17 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:debug:20170905
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
Latest report for lisong/code-push-server:
https://snyk.io/test/github/lisong/code-push-server
---
 .snyk | 8 ++++++++
 package.json | 12 ++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..f17f9706
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - extract-zip > debug:
+ patched: '2017-10-03T03:00:17.248Z'
diff --git a/package.json b/package.json
index 0e760010..f47e15ea 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,9 @@
 "upgrade": "node ./bin/db upgrade",
 "test": "make test",
 "test-win": "mocha test/api/init test/api/users test/api/auth test/api/account test/api/accessKeys test/api/sessions test/api/apps test/api/index --recursive --timeout 15000",
- "coverage": "make coverage"
+ "coverage": "make coverage",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "dependencies": {
 "aliyun-oss-upload-stream": "^1.3.0",
@@ -54,7 +56,7 @@
 "i18n": "^0.8.3",
 "jsonwebtoken": "^7.1.7",
 "lodash": "^4.5.1",
- "log4js": "^1.1.0",
+ "log4js": "^2.0.0",
 "markdown-it": "^8.0.1",
 "moment": "^2.14.1",
 "morgan": "^1.7.0",
@@ -71,7 +73,8 @@
 "slash": "^1.0.0",
 "validator": "^7.0.0",
 "yargs": "^8.0.2",
- "yazl": "^2.3.0"
+ "yazl": "^2.3.0",
+ "snyk": "^1.42.3"
 },
 "devDependencies": {
 "istanbul": "^0.4.5",
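Review bot: The `patch` entry in the new `.snyk` file covers only the dependency path `extract-zip > debug`, so it gives no protection if the affected `debug` release later arrives through a different path, and it takes effect only on installs where `snyk protect` has actually run. Nothing in the file marks the entry as temporary. I would add a comment above it such as `# stopgap: remove once extract-zip depends on a fixed debug release`, so the entry is revisited instead of staying in the policy indefinitely.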
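Review bot: In the `scripts` hunk of package.json, tying `snyk protect` to `prepublish` applies the patch only where npm runs that lifecycle script, i.e. a local `npm install` in a checkout or a publish. An install of the published package from the registry does not run it, so those installs presumably keep the unpatched `debug` under `extract-zip`. The hook also makes every checkout install execute a third-party CLI that rewrites files under `node_modules`, and a failure of that step fails the install. If the server is deployed from the registry, I would verify the result in the deployment pipeline (for example with `snyk test`) rather than rely on this hook alone. The `scripts` object starts outside the hunk.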
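Review bot: In the third package.json hunk, `"snyk": "^1.42.3"` is added to `dependencies` with a caret range, so any later 1.x release of the CLI can be pulled in wherever dependencies are installed and is then executed by the `snyk-protect` script with write access to `node_modules`. The tool presumably needs to be in `dependencies` for the install hook to find it, but the version that modifies dependency code should be the one that was reviewed. I would pin it exactly, `"snyk": "1.42.3"`, or commit a lockfile alongside this change. The `dependencies` object starts and ends outside the hunk.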
@@ -93,5 +96,6 @@
 "app.js",
 "README.md",
 "LICENSE"
- ]
+ ],
+ "snyk": true
 }