From 74c8d359fa0860b246ec8b4117716b9c7cee2c99 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 15 Jan 2020 08:43:19 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-STYLELINT-460283 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:preact-render-to-string:20180802 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 --- .snyk | 8 +++ package.json | 192 ++++++++++++++++++++++++++------------------------- 2 files changed, 106 insertions(+), 94 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..13f1621 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - stylelint > debug: + patched: '2020-01-15T08:43:14.829Z' diff --git a/package.json b/package.json index 449aee9..7dc4e2f 100644 --- a/package.json +++ b/package.json @@ -1,99 +1,103 @@ { - "name": "guui", - "version": "0.1.0", - "description": "Guardian rendering framework written in JSX.", - "files": [ - "dist/*.js" + "name": "guui", + "version": "0.1.0", + "description": "Guardian rendering framework written in JSX.", + "files": [ + "dist/*.js" + ], + "private": true, + "scripts": { + "check:env": "node ./__tools__/preinstall.js && check-node-version -q --node $(cat .nvmrc) --yarn 0.27.5 && yarn install -s", + "lint:scss": "stylelint 'src/**/*.*css'", + "lint:scss:fix": "stylelint 'src/**/*.*css' --fix", + "lint:js": "eslint .", + "lint:js:fix": "eslint . --fix", + "lint": "yarn check:env -s && yarn lint:js -s && yarn lint:scss -s", + "lint:fix": "yarn check:env -s && yarn lint:js:fix -s && yarn lint:scss:fix -s", + "flow": "flow", + "test": "yarn check:env -s && jest", + "test:watch": "yarn check:env -s && jest --watch", + "test:ci": "jest --coverage && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js", + "clean": "rm -rf ./dist", + "compile": "BABEL_ENV=production yarn check:env -s && yarn run clean -s && webpack --config ./__config__/webpack.config.prod.js --progress && echo 'Client bundle size:' && gzip-size ../static/target/javascripts/ui.bundle.browser.js", + "watch": "yarn check:env -s && yarn run clean -s && concurrently --kill-others -n \"BRSR,SRVR\" -c \"blue,green\" \"yarn watch:browser\" \"yarn watch:server\"", + "watch:browser": "webpack-dev-server --config ./__config__/webpack.config.dev.js --env.browser", + "watch:server": "webpack --config ./__config__/webpack.config.dev.js --env.server", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "dependencies": { + "preact": "^8.2.1", + "preact-render-to-string": "^3.7.2", + "sass-mq": "^3.3.2", + "stylelint": "^11.0.0", + "styletron": "^2.5.7", + "styletron-client": "^2.5.7", + "styletron-preact": "^2.5.7", + "styletron-server": "^2.5.7", + "snyk": "^1.278.1" + }, + "devDependencies": { + "babel-core": "^6.25.0", + "babel-eslint": "^7.2.3", + "babel-loader": "^7.1.1", + "babel-plugin-add-react-displayname": "^0.0.4", + "babel-plugin-provide-modules": "^1.0.3", + "babel-plugin-transform-es2015-modules-commonjs": "^6.24.1", + "babel-plugin-transform-object-rest-spread": "^6.23.0", + "babel-plugin-transform-react-jsx": "^6.24.1", + "babel-plugin-transform-runtime": "^6.23.0", + "babel-preset-env": "^1.6.0", + "babel-preset-flow": "^6.23.0", + "check-node-version": "^2.1.0", + "concurrently": "^3.5.0", + "core-js": "^2.4.1", + "coveralls": "^2.13.0", + "css-loader": "^0.28.4", + "eslint": "^4.3.0", + "eslint-config-airbnb": "^15.1.0", + "eslint-config-prettier": "^2.3.0", + "eslint-import-resolver-webpack": "^0.8.3", + "eslint-plugin-flow-header": "^0.1.1", + "eslint-plugin-flowtype": "^2.35.0", + "eslint-plugin-import": "^2.7.0", + "eslint-plugin-jsx-a11y": "^5.1.1", + "eslint-plugin-prettier": "^2.1.2", + "eslint-plugin-react": "^7.1.0", + "flow-bin": "^0.51.1", + "gzip-size-cli": "^2.0.0", + "htmltojsx": "^0.2.6", + "jest": "^20.0.4", + "node-sass": "^4.5.3", + "preact-svg-loader": "^0.2.0", + "prettier": "^1.5.3", + "sass-loader": "^6.0.6", + "stylelint-config-standard": "^17.0.0", + "stylelint-order": "^0.6.0", + "stylelint-scss": "^2.0.0", + "styletron-loader": "^0.6.0", + "svgo": "^0.7.2", + "to-string-loader": "^1.1.5", + "webpack": "^3.4.1", + "webpack-bundle-analyzer": "^2.8.3", + "webpack-dev-server": "^2.6.1", + "webpack-hot-middleware": "^2.18.2", + "webpack-merge": "^4.1.0" + }, + "jest": { + "moduleDirectories": [ + "/src", + "/src/app", + "node_modules" ], - "private": true, - "scripts": { - "check:env": "node ./__tools__/preinstall.js && check-node-version -q --node $(cat .nvmrc) --yarn 0.27.5 && yarn install -s", - "lint:scss": "stylelint 'src/**/*.*css'", - "lint:scss:fix": "stylelint 'src/**/*.*css' --fix", - "lint:js": "eslint .", - "lint:js:fix": "eslint . --fix", - "lint": "yarn check:env -s && yarn lint:js -s && yarn lint:scss -s", - "lint:fix": "yarn check:env -s && yarn lint:js:fix -s && yarn lint:scss:fix -s", - "flow": "flow", - "test": "yarn check:env -s && jest", - "test:watch": "yarn check:env -s && jest --watch", - "test:ci": "jest --coverage && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js", - "clean": "rm -rf ./dist", - "compile": "BABEL_ENV=production yarn check:env -s && yarn run clean -s && webpack --config ./__config__/webpack.config.prod.js --progress && echo 'Client bundle size:' && gzip-size ../static/target/javascripts/ui.bundle.browser.js", - "watch": "yarn check:env -s && yarn run clean -s && concurrently --kill-others -n \"BRSR,SRVR\" -c \"blue,green\" \"yarn watch:browser\" \"yarn watch:server\"", - "watch:browser": "webpack-dev-server --config ./__config__/webpack.config.dev.js --env.browser", - "watch:server": "webpack --config ./__config__/webpack.config.dev.js --env.server" + "moduleNameMapper": { + "^(.*)\\.svg$": "/__mocks__/svg.js", + "^(.*)\\.js\\.scss$": "/__mocks__/js.scss.js" }, - "dependencies": { - "preact": "^8.2.1", - "preact-render-to-string": "^3.6.0", - "sass-mq": "^3.3.2", - "stylelint": "^8.0.0", - "styletron": "^2.5.7", - "styletron-client": "^2.5.7", - "styletron-preact": "^2.5.7", - "styletron-server": "^2.5.7" - }, - "devDependencies": { - "babel-core": "^6.25.0", - "babel-eslint": "^7.2.3", - "babel-loader": "^7.1.1", - "babel-plugin-add-react-displayname": "^0.0.4", - "babel-plugin-provide-modules": "^1.0.3", - "babel-plugin-transform-es2015-modules-commonjs": "^6.24.1", - "babel-plugin-transform-object-rest-spread": "^6.23.0", - "babel-plugin-transform-react-jsx": "^6.24.1", - "babel-plugin-transform-runtime": "^6.23.0", - "babel-preset-env": "^1.6.0", - "babel-preset-flow": "^6.23.0", - "check-node-version": "^2.1.0", - "concurrently": "^3.5.0", - "core-js": "^2.4.1", - "coveralls": "^2.13.0", - "css-loader": "^0.28.4", - "eslint": "^4.3.0", - "eslint-config-airbnb": "^15.1.0", - "eslint-config-prettier": "^2.3.0", - "eslint-import-resolver-webpack": "^0.8.3", - "eslint-plugin-flow-header": "^0.1.1", - "eslint-plugin-flowtype": "^2.35.0", - "eslint-plugin-import": "^2.7.0", - "eslint-plugin-jsx-a11y": "^5.1.1", - "eslint-plugin-prettier": "^2.1.2", - "eslint-plugin-react": "^7.1.0", - "flow-bin": "^0.51.1", - "gzip-size-cli": "^2.0.0", - "htmltojsx": "^0.2.6", - "jest": "^20.0.4", - "node-sass": "^4.5.3", - "preact-svg-loader": "^0.2.0", - "prettier": "^1.5.3", - "sass-loader": "^6.0.6", - "stylelint-config-standard": "^17.0.0", - "stylelint-order": "^0.6.0", - "stylelint-scss": "^2.0.0", - "styletron-loader": "^0.6.0", - "svgo": "^0.7.2", - "to-string-loader": "^1.1.5", - "webpack": "^3.4.1", - "webpack-bundle-analyzer": "^2.8.3", - "webpack-dev-server": "^2.6.1", - "webpack-hot-middleware": "^2.18.2", - "webpack-merge": "^4.1.0" - }, - "jest": { - "moduleDirectories": [ - "/src", - "/src/app", - "node_modules" - ], - "moduleNameMapper": { - "^(.*)\\.svg$": "/__mocks__/svg.js", - "^(.*)\\.js\\.scss$": "/__mocks__/js.scss.js" - }, - "globals": { - "BROWSER": false, - "SERVER": true - } + "globals": { + "BROWSER": false, + "SERVER": true } + }, + "snyk": true }