From 9bcab4c9f60312c72cd738cec3921e72b5407587 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 13 Jul 2017 17:25:35 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:ws:20160104 - https://snyk.io/vuln/npm:ws:20160624 - https://snyk.io/vuln/npm:ws:20160920 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 Latest report for codeandsupply/supplybot: https://snyk.io/test/github/codeandsupply/supplybot --- .snyk | 41 +++++++++++++++++++++++++++++++++++++++++ package.json | 12 +++++++++--- 2 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..bc14277f --- /dev/null +++ b/.snyk @@ -0,0 +1,41 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:ms:20170412': + - hubot > express > connect > morgan > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > body-parser > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > compression > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > connect-timeout > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > express-session > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > finalhandler > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > send > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-index > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-static > send > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > send > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > connect-timeout > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-static > send > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-favicon > ms: + patched: '2017-07-13T17:25:35.848Z' + 'npm:negotiator:20160616': + - hubot > express > connect > compression > accepts > negotiator: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-index > accepts > negotiator: + patched: '2017-07-13T17:25:35.848Z' diff --git a/package.json b/package.json index cf6c1bbe..5622cb6b 100644 --- a/package.json +++ b/package.json @@ -19,11 +19,17 @@ "hubot-rules": "^0.1.1", "hubot-scripts": "^2.17.1", "hubot-shipit": "^0.2.0", - "hubot-slack": "^3.4.2", + "hubot-slack": "^4.0.0", "lodash": "^4.12.0", - "node-schedule": "^1.2.0" + "node-schedule": "^1.2.0", + "snyk": "^1.36.2" }, "engines": { "node": "0.10.x" - } + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }