From 4f03775060b1fc0fcefee5120fca494e4e89dec0 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 8 Jul 2016 18:27:50 +0000
Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities
---
 .snyk | 17 +++++++++++++++++
 package.json | 18 +++++++++++-------
 2 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000000..a5f37800074e
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,17 @@
+version: v1.5.0
+ignore: {}
+patch:
+ 'npm:marked:20150520':
+ - marked:
+ patched: '2016-07-08T18:27:48.890Z'
+ - metalsmith-markdown > marked:
+ patched: '2016-07-08T18:27:48.890Z'
+ 'npm:minimatch:20160620':
+ - metalsmith-collections > minimatch:
+ patched: '2016-07-08T18:27:48.890Z'
+ - metalsmith-stylus > minimatch:
+ patched: '2016-07-08T18:27:48.890Z'
+ - metalsmith > recursive-readdir > minimatch:
+ patched: '2016-07-08T18:27:48.890Z'
+ - metalsmith-stylus > stylus > glob > minimatch:
+ patched: '2016-07-08T18:27:48.890Z'
diff --git a/package.json b/package.json
index 096350be2a91..15d72bea6797 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,9 @@
 "test": "npm run test:lint && npm run test:unit && npm run test:smoke",
 "test:lint": "standard",
 "test:unit": "tape tests/**/*.test.js | faucet",
- "test:smoke": "tape tests/*.smoketest.js | faucet"
+ "test:smoke": "tape tests/*.smoketest.js | faucet",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "repository": {
 "type": "git",
@@ -35,7 +37,7 @@
 "changelog-url": "1.0.2",
 "cheerio": "0.19.0",
 "chokidar": "1.2.0",
- "handlebars": "4.0.4",
+ "handlebars": "4.0.5",
 "html-to-text": "^1.5.0",
 "js-yaml": "^3.4.5",
 "junk": "1.0.2",
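Review bot: The `prepublish` hook added in the `scripts` hunk of patch 1/2 (`@@ -11,7 +11,9 @@`) is the only step that applies the marked and minimatch patches listed in `.snyk`, so an install that skips lifecycle scripts (for example `npm install --ignore-scripts`) would leave the unpatched code in `node_modules` without any error. From npm 4 onward `prepublish` is deprecated for install-time work in favour of `prepare`, so the hook name needs revisiting when the npm version changes, e.g. `"prepare": "npm run snyk-protect"`. Running `snyk test` in CI after the install is one way to surface a tree where the patches were not applied. The `scripts` object opens above this hunk, so any existing install or publish hooks are not visible here.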
@@ -54,12 +56,13 @@
 "ncp": "2.0.0",
 "node-geocoder": "^3.4.1",
 "node-version-data": "1.0.0",
- "octonode": "0.7.4",
+ "octonode": "0.7.6",
 "request": "^2.67.0",
 "require-dir": "0.3.0",
 "semver": "5.0.3",
- "st": "1.0.0",
- "strftime": "0.9.2"
+ "st": "1.1.0",
+ "strftime": "0.9.2",
+ "snyk": "^1.17.0"
 },
 "devDependencies": {
 "faucet": "^0.0.1",
@@ -68,5 +71,6 @@
 "proxyquire": "^1.7.3",
 "standard": "^6.0.8",
 "tape": "^4.2.2"
- }
-}
+ },
+ "snyk": true
+}
\ No newline at end of file
From 415cc1f9f5908b022d8fb6661744a54427c4fdf2 Mon Sep 17 00:00:00 2001
From: bitHound
Date: Fri, 8 Jul 2016 15:56:36 -0400
Subject: [PATCH 2/2] update metalsmith-stylus to 2.0.0
---
 package.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index 15d72bea6797..25cc5379fdd4 100644
--- a/package.json
+++ b/package.json
@@ -51,7 +51,7 @@
 "metalsmith-metadata": "0.0.2",
 "metalsmith-permalinks": "0.4.0",
 "metalsmith-prism": "2.1.1",
- "metalsmith-stylus": "1.0.0",
+ "metalsmith-stylus": "^2.0.0",
 "metalsmith-yearly-pagination": "2.0.0",
 "ncp": "2.0.0",
 "node-geocoder": "^3.4.1",
@@ -60,9 +60,9 @@
 "request": "^2.67.0",
 "require-dir": "0.3.0",
 "semver": "5.0.3",
+ "snyk": "^1.17.0",
 "st": "1.1.0",
- "strftime": "0.9.2",
- "snyk": "^1.17.0"
+ "strftime": "0.9.2"
 },
 "devDependencies": {
 "faucet": "^0.0.1",
@@ -73,4 +73,4 @@
 "tape": "^4.2.2"
 },
 "snyk": true
-}
\ No newline at end of file
+}
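Review bot: In the dependencies hunk of patch 1/2 (`@@ -54,12 +56,13 @@`), `"snyk": "^1.17.0"` is added with a caret range even though it is the package the new `prepublish` script executes. A floating range lets a fresh install run a newer release of a tool that rewrites files under `node_modules`, without that release ever appearing in a reviewed diff. Pinning it like the neighbouring `"st": "1.1.0"`, i.e. `"snyk": "1.17.0"`, or committing a shrinkwrap file would keep the patch step reproducible. The `dependencies` object opens above the hunk, so whether a shrinkwrap already covers this is not visible here.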
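Review bot: The subject of patch 2/2 says "update metalsmith-stylus to 2.0.0", but the hunk `@@ -51,7 +51,7 @@` replaces the exact pin `1.0.0` with the range `^2.0.0`, so later 2.x releases will be installed without a reviewed change; if the exact version is intended, use `"metalsmith-stylus": "2.0.0"`. The `.snyk` policy from patch 1/2 lists minimatch patch targets by path through this package (`metalsmith-stylus > minimatch` and `metalsmith-stylus > stylus > glob > minimatch`). After a major bump those paths may no longer match the installed tree, in which case `snyk protect` would presumably have nothing to patch there. The policy should be regenerated or checked against the new dependency tree before relying on it.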