
Commit ea77ca0

committed
fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962463 - https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970 - https://snyk.io/vuln/SNYK-JS-DICER-2311764 - https://snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257 - https://snyk.io/vuln/SNYK-JS-EJS-1049328 - https://snyk.io/vuln/SNYK-JS-EJS-2803307 - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 - https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997 - https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-INI-1048974 - https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088 - https://snyk.io/vuln/SNYK-JS-JQUERY-174006 - https://snyk.io/vuln/SNYK-JS-JQUERY-565129 - https://snyk.io/vuln/SNYK-JS-JQUERY-567880 - https://snyk.io/vuln/SNYK-JS-KERBEROS-568900 - https://snyk.io/vuln/SNYK-JS-KINDOF-537849 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MARKED-174116 - https://snyk.io/vuln/SNYK-JS-MARKED-2342073 - https://snyk.io/vuln/SNYK-JS-MARKED-2342082 - https://snyk.io/vuln/SNYK-JS-MARKED-451540 - https://snyk.io/vuln/SNYK-JS-MARKED-584281 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - 
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/SNYK-JS-MONGODB-473855 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721 - https://snyk.io/vuln/SNYK-JS-MPATH-1577289 - https://snyk.io/vuln/SNYK-JS-MQUERY-1050858 - https://snyk.io/vuln/SNYK-JS-MQUERY-1089718 - https://snyk.io/vuln/SNYK-JS-QS-3153490 - https://snyk.io/vuln/SNYK-JS-REQUEST-3361831 - https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541 - https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 - https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 - https://snyk.io/vuln/SNYK-JS-TYPEORM-590152 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602 - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/npm:adm-zip:20180415 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:dustjs-linkedin:20160819 - https://snyk.io/vuln/npm:ejs:20161128 - https://snyk.io/vuln/npm:ejs:20161130 - https://snyk.io/vuln/npm:ejs:20161130-1 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:jquery:20150627 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:marked:20150520 - https://snyk.io/vuln/npm:marked:20170112 - https://snyk.io/vuln/npm:marked:20170815 - https://snyk.io/vuln/npm:marked:20170815-1 - https://snyk.io/vuln/npm:marked:20170907 - https://snyk.io/vuln/npm:marked:20180225 - https://snyk.io/vuln/npm:mem:20180117 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:moment:20161019 - 
https://snyk.io/vuln/npm:moment:20170905 - https://snyk.io/vuln/npm:mongoose:20160116 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:npmconf:20180512 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:semver:20150403 - https://snyk.io/vuln/npm:st:20140206 - https://snyk.io/vuln/npm:st:20171013 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
1 parent 699cc96 commit ea77ca0


2 files changed

+80
-24
lines changed


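--- a/.snyk
+++ b/.snyk
@@ -0,0 +1,52 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+SNYK-JS-LODASH-567746:
+- tap > nyc > istanbul-lib-instrument > babel-types > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: tap > nyc > istanbul-lib-instrument > babel-types > lodash
+- tap > nyc > istanbul-lib-instrument > babel-generator > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: tap > nyc > istanbul-lib-instrument > babel-generator > lodash
+- tap > nyc > istanbul-lib-instrument > babel-traverse > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: tap > nyc > istanbul-lib-instrument > babel-traverse > lodash
+- tap > nyc > istanbul-lib-instrument > babel-template > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: tap > nyc > istanbul-lib-instrument > babel-template > lodash
+- tap > nyc > istanbul-lib-instrument > babel-generator > babel-types > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: >-
+tap > nyc > istanbul-lib-instrument > babel-generator > babel-types >
+lodash
+- tap > nyc > istanbul-lib-instrument > babel-traverse > babel-types > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: >-
+tap > nyc > istanbul-lib-instrument > babel-traverse > babel-types >
+lodash
+- tap > nyc > istanbul-lib-instrument > babel-template > babel-types > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: >-
+tap > nyc > istanbul-lib-instrument > babel-template > babel-types >
+lodash
+- tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: >-
+tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse
+> lodash
+- tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash:
+patched: '2024-03-29T16:31:43.173Z'
+id: SNYK-JS-LODASH-567746
+path: >-
+tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse
+> babel-types > lodash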
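Review bot: All nine `patch` entries target lodash under `tap > nyc > istanbul-lib-instrument > …`, but the same commit moves `tap` from `^11.1.3` to `^18.0.0` in package.json, so these dependency paths may no longer exist in the resolved tree and `snyk-protect` may have nothing to apply. Run `npm ls lodash` after a clean install and drop any entry whose path no longer resolves, so the policy file does not suggest a mitigation that is not in effect. A header comment would also help, for example `# patches cover only the tap (test tooling) subtree; the app's direct lodash is upgraded in package.json`.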

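--- a/package.json
+++ b/package.json
@@ -12,46 +12,50 @@
 "start": "NODE_OPTIONS=--openssl-legacy-provider node app.js",
 "build": "browserify -r jquery > public/js/bundle.js",
 "cleanup": "mongo express-todo --eval 'db.todos.remove({});'",
-"test": "snyk test"
+"test": "snyk test",
+"prepare": "npm run snyk-protect",
+"snyk-protect": "snyk-protect"
 },
 "dependencies": {
-"adm-zip": "0.4.11",
-"body-parser": "1.9.0",
-"cfenv": "^1.0.4",
+"adm-zip": "0.5.2",
+"body-parser": "1.19.2",
+"cfenv": "^1.2.4",
 "consolidate": "0.14.5",
 "dustjs-helpers": "1.5.0",
-"dustjs-linkedin": "2.5.0",
-"ejs": "1.0.0",
+"dustjs-linkedin": "3.0.0",
+"ejs": "3.1.7",
 "ejs-locals": "1.0.2",
-"errorhandler": "1.2.0",
-"express": "4.12.4",
-"express-fileupload": "0.0.5",
+"errorhandler": "1.4.3",
+"express": "4.19.2",
+"express-fileupload": "1.1.10",
 "express-session": "^1.17.2",
 "file-type": "^8.1.0",
-"hbs": "^4.0.4",
-"humanize-ms": "1.0.1",
-"jquery": "^2.2.4",
-"lodash": "4.17.4",
-"marked": "0.3.5",
+"hbs": "^4.1.2",
+"humanize-ms": "1.2.1",
+"jquery": "^3.5.0",
+"lodash": "4.17.21",
+"marked": "4.0.10",
 "method-override": "latest",
-"moment": "2.15.1",
+"moment": "2.29.2",
 "mongodb": "^3.5.9",
-"mongoose": "4.2.4",
+"mongoose": "5.13.20",
 "morgan": "latest",
-"ms": "^0.7.1",
+"ms": "^2.0.0",
 "mysql": "^2.18.1",
-"npmconf": "0.0.24",
+"npmconf": "2.1.3",
 "optional": "^0.1.3",
-"st": "0.2.4",
+"st": "1.2.2",
 "stream-buffers": "^3.0.1",
-"tap": "^11.1.3",
-"typeorm": "^0.2.24",
-"validator": "^13.5.2"
+"tap": "^18.0.0",
+"typeorm": "^0.3.18",
+"validator": "^13.7.0",
+"@snyk/protect": "latest"
 },
 "devDependencies": {
 "browserify": "^13.1.1",
 "nodemon": "^2.0.7",
-"snyk": "^1.244.0"
+"snyk": "^1.1286.2"
 },
-"license": "Apache-2.0"
+"license": "Apache-2.0",
+"snyk": true
 }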
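Review bot: `"@snyk/protect": "latest"` is added to `dependencies` and is invoked by the new `prepare` script, so a plain `npm install` runs whatever version of that package is current at install time unless a lockfile pins it. Pin it to a reviewed version, e.g. `"@snyk/protect": "<reviewed-version>"`, and commit the lockfile so the install-time hook is reproducible. The existing `method-override` and `morgan` entries also float on `latest` and deserve the same treatment. Separately, this section makes several major-version jumps (`ejs` 1.0.0 → 3.1.7, `marked` 0.3.5 → 4.0.10, `mongoose` 4.2.4 → 5.13.20, `express-fileupload` 0.0.5 → 1.1.10, `tap` ^11.1.3 → ^18.0.0), while the commit touches only package.json and .snyk and the `test` script is just `snyk test`. Nothing visible here exercises the application against the new APIs, so test the app's template rendering, uploads and database access before merging.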
