From 511db74f70c5a0b783ccd7367184ac5b8995f410 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Fri, 7 Oct 2022 17:01:54 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BL-608877 - https://snyk.io/vuln/SNYK-JS-BSON-561052 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-HAWK-2808852 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173732 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173733 - https://snyk.io/vuln/SNYK-JS-LOOPBACKCONNECTORMONGODB-73555 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/SNYK-JS-MONGODB-473855 - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 - https://snyk.io/vuln/SNYK-JS-NCONF-2395478 - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834 - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 - https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794 - https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631 - https://snyk.io/vuln/SNYK-JS-RAMDA-1582370 - https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526 - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840 - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062 - https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602 
- https://snyk.io/vuln/npm:base64-url:20180512 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:eslint:20180222 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:loopback:20171027 - https://snyk.io/vuln/npm:mem:20180117 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:moment:20160126 - https://snyk.io/vuln/npm:moment:20161019 - https://snyk.io/vuln/npm:moment:20170905 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:react:20150318 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:send:20151103 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:uglify-js:20151024 - https://snyk.io/vuln/npm:validator:20150313 - https://snyk.io/vuln/npm:validator:20160218 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:uglify-js:20151024
---
 .snyk | 41 +++++++++++++++++++++++++
 package.json | 86 +++++++++++++++++++++++++++-------------------------
 2 files changed, 86 insertions(+), 41 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000000..8264ed7d85caf6
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,41 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:hawk:20160119':
+ - yui > request > hawk:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:http-signature:20150122':
+ - yui > request > http-signature:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:lodash:20180130':
+ - babel-core > babel-plugin-proto-to-assign > lodash:
+ patched: '2022-10-07T17:01:40.742Z'
+ - thundercats > stampit > lodash:
+ patched: '2022-10-07T17:01:40.742Z'
+ - babel > babel-core > babel-plugin-proto-to-assign > lodash:
+ patched: '2022-10-07T17:01:40.742Z'
+ - babel-eslint > babel-core > babel-plugin-proto-to-assign > lodash:
+ patched: '2022-10-07T17:01:40.742Z'
+ - babel-loader > babel-core > babel-plugin-proto-to-assign > lodash:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:mime:20170907':
+ - yui > request > form-data > mime:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:minimatch:20160620':
+ - gulp > vinyl-fs > glob-stream > minimatch:
+ patched: '2022-10-07T17:01:40.742Z'
+ - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch:
+ patched: '2022-10-07T17:01:40.742Z'
+ - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:request:20160119':
+ - yui > request:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:tunnel-agent:20170305':
+ - yui > request > tunnel-agent:
+ patched: '2022-10-07T17:01:40.742Z'
+ 'npm:uglify-js:20151024':
+ - jade > transformers > uglify-js:
+ patched: '2022-10-07T17:01:40.742Z'
diff --git a/package.json b/package.json
index c25217b95f1f48..d48d55a140f883 100644
--- a/package.json
+++ b/package.json
@@ -17,111 +17,114 @@
 "lint-nonprofits": "jsonlint -q seed/nonprofits.json",
 "test-challenges": "babel-node seed/test-challenges.js | tnyan",
 "pretest": "npm run lint-challenges && npm run lint-nonprofits",
- "test": "npm run test-challenges"
+ "test": "npm run test-challenges",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "license": "(BSD-3-Clause AND CC-BY-SA-4.0)",
 "dependencies": {
- "accepts": "~1.2.5",
+ "accepts": "~1.3.3",
 "async": "~0.9.0",
- "babel": "5.8.23",
- "babel-core": "5.8.23",
- "babel-eslint": "4.1.1",
- "babel-loader": "5.2.2",
+ "babel": "6.0.0",
+ "babel-core": "6.10.4",
+ "babel-eslint": "4.1.7",
+ "babel-loader": "6.0.0",
 "bcrypt-nodejs": "~0.0.3",
 "body-parser": "^1.13.2",
 "chai-jquery": "~2.0.0",
- "cheerio": "~0.18.0",
+ "cheerio": "~0.20.0",
 "classnames": "^2.1.2",
 "clockwork": "~0.1.1",
- "compression": "~1.2.1",
- "connect-mongo": "~0.7.0",
+ "compression": "~1.7.1",
+ "connect-mongo": "~3.0.0",
 "cookie-parser": "~1.3.3",
 "csso": "~1.3.11",
- "dateformat": "~1.0.11",
- "debug": "~2.1.0",
+ "dateformat": "~2.0.0",
+ "debug": "~2.6.9",
 "dedent": "^0.4.0",
 "dotenv": "~0.4.0",
- "errorhandler": "~1.3.0",
+ "errorhandler": "~1.4.3",
 "es6-map": "^0.1.1",
- "eslint": "^1.1.0",
+ "eslint": "^7.3.0",
 "eslint-plugin-react": "^3.2.1",
- "express": "~4.10.4",
+ "express": "~4.16.0",
 "express-flash": "~0.0.2",
- "express-session": "~1.9.2",
- "express-state": "^1.2.0",
- "express-validator": "~2.8.0",
+ "express-session": "~1.15.6",
+ "express-state": "^2.0.0",
+ "express-validator": "~6.5.0",
 "fetchr": "^0.5.12",
 "font-awesome": "~4.3.0",
- "forever": "~0.14.1",
+ "forever": "~4.0.0",
 "frameguard": "^0.2.2",
 "github-api": "~0.7.0",
- "gulp": "~3.8.8",
- "gulp-eslint": "~0.9.0",
+ "gulp": "~4.0.0",
+ "gulp-eslint": "~1.0.0",
 "gulp-inject": "~1.0.2",
 "gulp-jsonlint": "^1.1.0",
- "gulp-less": "^3.0.3",
+ "gulp-less": "^5.0.0",
 "gulp-minify-css": "~0.5.1",
 "gulp-nodemon": "^2.0.3",
- "gulp-notify": "^2.2.0",
+ "gulp-notify": "^3.0.0",
 "gulp-plumber": "^1.0.1",
 "gulp-reduce-file": "0.0.1",
 "gulp-rev": "^6.0.1",
 "gulp-rev-replace": "^0.4.2",
 "gulp-util": "^3.0.6",
 "gulp-webpack": "^1.5.0",
- "helmet": "~0.9.0",
+ "helmet": "~3.8.2",
 "helmet-csp": "^0.2.3",
 "history": "^1.9.0",
 "jade": "~1.8.0",
 "json-loader": "^0.5.2",
 "less": "~2.5.1",
- "lodash": "^3.9.3",
- "loopback": "^2.22.0",
+ "lodash": "^4.17.21",
+ "loopback": "^3.28.0",
 "loopback-boot": "^2.13.0",
 "loopback-component-passport": "https://github.com/FreeCodeCamp/loopback-component-passport.git#feature/flashfailure",
- "loopback-connector-mongodb": "^1.10.0",
+ "loopback-connector-mongodb": "^3.6.0",
 "lusca": "~1.0.2",
 "method-override": "~2.3.0",
- "moment": "~2.10.2",
- "mongodb": "^2.0.33",
- "morgan": "~1.5.0",
+ "moment": "~2.29.2",
+ "mongodb": "^3.1.13",
+ "morgan": "~1.9.1",
 "node-libs-browser": "^0.5.2",
 "node-slack": "0.0.7",
 "node-uuid": "^1.4.3",
- "nodemailer": "~1.3.0",
+ "nodemailer": "~6.6.1",
 "normalize-url": "^1.3.1",
 "object.assign": "^3.0.0",
 "passport-facebook": "^2.0.0",
- "passport-github": "^0.1.5",
+ "passport-github": "^1.0.0",
 "passport-google-oauth2": "^0.1.6",
 "passport-linkedin-oauth2": "^1.2.1",
 "passport-local": "^1.0.0",
 "passport-oauth": "^1.0.0",
 "passport-twitter": "^1.0.3",
 "pmx": "^0.3.16",
- "ramda": "~0.10.0",
- "react": "^0.13.3",
+ "ramda": "~0.27.2",
+ "react": "^0.14.0",
 "react-bootstrap": "~0.23.7",
 "react-motion": "~0.1.0",
 "react-router": "https://github.com/BerkeleyTrue/react-router.git#freecodecamp",
 "react-router-bootstrap": "^0.19.2",
 "react-vimeo": "^0.0.3",
- "request": "~2.53.0",
- "rev-del": "^1.0.5",
+ "request": "~2.87.0",
+ "rev-del": "^2.0.0",
 "rx": "^4.0.0",
- "sanitize-html": "~2.3.2",
+ "sanitize-html": "~2.7.1",
 "sort-keys": "^1.1.1",
 "source-map-support": "^0.3.2",
 "store": "https://github.com/berkeleytrue/store.js.git#feature/noop-server",
 "thundercats": "^3.0.0",
 "thundercats-react": "^0.3.0",
 "twit": "~1.1.20",
- "uglify-js": "~2.4.15",
+ "uglify-js": "~3.14.3",
 "url-regex": "^3.0.0",
- "validator": "^3.22.1",
- "webpack": "^1.9.12",
+ "validator": "^13.7.0",
+ "webpack": "^3.0.0",
 "xss-filters": "^1.2.6",
- "yui": "~3.18.1"
+ "yui": "~3.18.1",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "blessed": "~0.0.37",
@@ -140,5 +143,6 @@
 "tap-nyan": "0.0.2",
 "tape": "^4.2.2",
 "vinyl-source-stream": "^1.1.0"
- }
+ },
+ "snyk": true
 }
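Review bot: `"@snyk/protect": "latest"` at the end of `dependencies` is an unpinned dist-tag, and the new `prepublish` script executes its `snyk-protect` binary, so any install or publish that triggers the hook runs whatever release is newest at that moment. Pin it to a reviewed version and let the lockfile record its integrity hash, e.g. `"@snyk/protect": "<reviewed-version>"`; `prepublish` is also deprecated in current npm, where `"prepare": "npm run snyk-protect"` is the supported hook. Separately, several bumps in this hunk cross major versions (`eslint` ^1 to ^7, `validator` ^3 to ^13, `express-validator` ~2.8 to ~6.5, `gulp` ~3.8 to ~4.0, `babel` 5 to 6) while neighbours such as `eslint-plugin-react` ^3.2.1 and `babel-eslint` 4.x stay put, so the vulnerability fixes should not be treated as effective until the build and test suite pass on the new set. The `scripts` object opens above this hunk, so other lifecycle hooks are not visible here.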