From 3c0598d94bd95c597153f293f4a76ee4c022f110 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 06:58:03 +0200 Subject: [PATCH 1/2] fix: server/package.json & server/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- server/package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/server/package.json b/server/package.json index 8930a00..beeaba0 100644 --- a/server/package.json +++ b/server/package.json @@ -13,7 +13,9 @@ "release-minor": "aegir release --type minor", "release-major": "aegir release --type major", "coverage": "aegir coverage", - "coverage-publish": "aegir coverage -u" + "coverage-publish": "aegir coverage -u", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "keywords": [ "libp2p", @@ -31,6 +33,8 @@ "node-forge": "^0.7.1", "protons": "^1.0.1", "request": "^2.83.0", - "zeronet-crypto": "^0.1.0" - } + "zeronet-crypto": "^0.1.0", + "snyk": "^1.316.1" + }, + "snyk": true } From b299c61ca6c20a095a49d84626ddf0de1985baa7 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 06:58:04 +0200 Subject: [PATCH 2/2] fix: server/package.json & server/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- server/.snyk | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 server/.snyk diff --git a/server/.snyk b/server/.snyk new file mode 100644 index 0000000..d51c67d --- /dev/null +++ b/server/.snyk @@ -0,0 +1,30 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - libp2p-tcp > ip-address > lodash: + patched: '2020-05-01T04:58:01.368Z' + - multihashing-async > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > peer-id > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > multihashing-async > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > libp2p-crypto > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > peer-id > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > libp2p-crypto > multihashing-async > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2020-05-01T04:58:01.368Z' + - zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T04:58:01.368Z'