From d4ef016558e9d0cdd0c133acf5bea595e875ba73 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 8 Dec 2018 04:49:05 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MERGE-72553 - https://snyk.io/vuln/npm:atob:20180429 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:cryptiles:20180710 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:deep-extend:20180409 - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:is-my-json-valid:20180214 - https://snyk.io/vuln/npm:is-url:20180319 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:macaddress:20180511 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:mixin-deep:20180215 - https://snyk.io/vuln/npm:preact-render-to-string:20180802 - https://snyk.io/vuln/npm:querystringify:20180419 - https://snyk.io/vuln/npm:serve:20180123 - https://snyk.io/vuln/npm:serve:20180318 - https://snyk.io/vuln/npm:serve:20180529 - https://snyk.io/vuln/npm:serve:20180531 - https://snyk.io/vuln/npm:sshpk:20180409 - https://snyk.io/vuln/npm:stringstream:20180511 - https://snyk.io/vuln/npm:tough-cookie:20170905 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:ua-parser-js:20180227 - https://snyk.io/vuln/npm:url-parse:20180731 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- .snyk | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++ package.json | 14 ++++++---- 2 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..ad56d3f --- /dev/null +++ b/.snyk @@ -0,0 +1,72 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hoek:20180212': + - gatsby > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-transformer-documentationjs > documentation > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-transformer-documentationjs > documentation > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-plugin-sass > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-transformer-documentationjs > documentation > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-transformer-documentationjs > documentation > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-plugin-sass > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-plugin-sass > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-source-wordpress > gatsby-source-filesystem > babel-cli > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby-plugin-sass > webpack > watchpack > chokidar > fsevents > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2018-12-08T04:49:02.575Z' + - gatsby > webpack-validator > joi > hoek: + patched: '2018-12-08T04:49:02.575Z' diff --git a/package.json b/package.json index 17b3d0f..024d4d4 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "eslint-plugin-promise": "^3.6.0", "eslint-plugin-react": "^7.4.0", "eslint-plugin-standard": "^3.0.1", - "gatsby": "^1.9.141", + "gatsby": "^1.9.275", "gatsby-image": "^1.0.30", "gatsby-link": "^1.6.32", "gatsby-module-loader": "^1.0.9", @@ -33,7 +33,7 @@ "gatsby-transformer-documentationjs": "^1.4.8", "gatsby-transformer-sharp": "^1.6.16", "graphql-code-generator": "^0.8.14", - "lodash": "^4.17.4", + "lodash": "^4.17.5", "prismjs": "^1.8.4", "prop-types": "^15.6.0", "react-addons-css-transition-group": "^15.6.2", @@ -41,7 +41,8 @@ "react-google-maps": "^9.2.2", "react-helmet": "^5.2.0", "slash": "^1.0.0", - "styled-components": "^2.2.3" + "styled-components": "^2.2.3", + "snyk": "^1.116.2" }, "keywords": [ "gatsby" @@ -63,7 +64,9 @@ "test:skipsnapshotsande2e": "env MODE=skipsnapshots SKIP=e2e jest", "test:skipe2e": "env SKIP=e2e jest", "graphql": "gql-gen --url http://localhost:8000/___graphql --template typescript --out ./graphql-types.d.ts", - "doc": "node doc" + "doc": "node doc", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "devDependencies": { "babel-eslint": "^7.2.3", @@ -105,5 +108,6 @@ "js", "jsx" ] - } + }, + "snyk": true }