From 1f515cd0ff86018393ef93dde85efddcd70808fb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 17 May 2021 13:44:37 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GETOBJECT-1054932 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-GRUNT-597546 - https://snyk.io/vuln/SNYK-JS-HTTPPROXY-569139 - https://snyk.io/vuln/SNYK-JS-JQUERY-174006 - https://snyk.io/vuln/SNYK-JS-JQUERY-565129 - https://snyk.io/vuln/SNYK-JS-JQUERY-567880 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-590103 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:cli:20160615 - https://snyk.io/vuln/npm:concat-stream:20160901 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:jquery:20150627 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:semver:20150403 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 --- .snyk | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++ package.json | 35 +++++++++++++++--------------- 2 files changed, 78 insertions(+), 17 deletions(-) create mode 100644 .snyk 
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..83fb6357
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,60 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - karma > connect > body-parser > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > compression > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > connect-timeout > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > express-session > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > morgan > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > serve-index > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > serve-static > send > debug:
+ patched: '2021-05-17T13:44:33.972Z'
+ 'npm:minimatch:20160620':
+ - grunt-karma-coveralls > karma-coverage > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma-coverage > ibrik > fileset > glob > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - grunt-karma-coveralls > karma-coverage > ibrik > fileset > glob > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - grunt-karma-coveralls > glob > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma-coverage > ibrik > istanbul > fileset > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - grunt-karma-coveralls > karma-coverage > istanbul > fileset > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - grunt-karma-coveralls > karma-coverage > ibrik > istanbul > fileset > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma-coverage > ibrik > fileset > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ - grunt-karma-coveralls > karma-coverage > ibrik > fileset > minimatch:
+ patched: '2021-05-17T13:44:33.972Z'
+ 'npm:ms:20170412':
+ - karma > connect > connect-timeout > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > body-parser > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > compression > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > connect-timeout > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > express-session > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > morgan > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > serve-index > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > serve-static > send > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > serve-static > send > debug > ms:
+ patched: '2021-05-17T13:44:33.972Z'
+ - karma > connect > serve-favicon > ms:
+ patched: '2021-05-17T13:44:33.972Z'
diff --git a/package.json b/package.json
index 5238b625..3a5414fe 100644
--- a/package.json
+++ b/package.json
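Review bot: The patch paths recorded in `.snyk` look like they were resolved against the dependency tree from before this commit, yet the same commit moves `karma` from `~0.12.31` to `~5.0.8` and `karma-coverage` from `~0.2.7` to `~0.5.3` in package.json, so entries such as `karma > connect > body-parser > debug` or `karma-coverage > ibrik > fileset > minimatch` may no longer exist after install. If they are gone, `snyk protect` has nothing to apply for them and the file overstates what is actually mitigated. Regenerating the policy against the upgraded tree and keeping only paths that still resolve would fix that; a header comment such as `# regenerate after any karma / karma-coverage bump` would make the expectation explicit.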
@@ -13,32 +13,32 @@ "test": "test" }, "dependencies": { - "d3": "^3.0.6" + "d3": "^3.0.6", + "snyk": "^1.595.0" }, "devDependencies": { - "grunt": "~0.4.5", - "grunt-contrib-uglify": "~0.7.0", + "grunt": "~1.3.0", + "grunt-contrib-uglify": "~0.11.1", "grunt-contrib-copy": "~0.7.0", - "grunt-contrib-jshint": "~0.11.0", + "grunt-contrib-jshint": "~0.12.0", "grunt-contrib-concat": "~0.5.0", - "grunt-contrib-watch": "~0.6.1", - "grunt-contrib-qunit": "~0.5.2", - + "grunt-contrib-watch": "~1.0.1", + "grunt-contrib-qunit": "~1.0.0", "grunt-css": "~0.5.4", - "grunt-replace": "~0.8.0", - - "phantomjs": "~1.9.15", - "karma": "~0.12.31", - "karma-coverage": "~0.2.7", + "grunt-replace": "~2.0.0", + "phantomjs": "~2.1.1", + "karma": "~5.0.8", + "karma-coverage": "~0.5.3", "karma-qunit": "~0.1.4", - "karma-phantomjs-launcher": "~0.1.4", + "karma-phantomjs-launcher": "~0.2.0", "grunt-karma-coveralls": "~2.5.3", - "qunitjs": "~1.17.0", - "jquery": "~1.9.1" + "jquery": "~3.5.0" }, "scripts": { - "test": "grunt travis --verbose; ./node_modules/karma/bin/karma start --single-run --browsers PhantomJS" + "test": "grunt travis --verbose; ./node_modules/karma/bin/karma start --single-run --browsers PhantomJS", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -66,5 +66,6 @@ "categories": [ "Data", "Visualization" - ] + ], + "snyk": true }
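Review bot: `"snyk": "^1.595.0"` lands under `dependencies`, so everyone who installs this package also pulls in the Snyk CLI and its transitive tree, even though every patch path in the new `.snyk` starts at a devDependency (`karma`, `karma-coverage`, `grunt-karma-coveralls`). Moving that entry to `devDependencies` keeps `npm run snyk-protect` usable in a maintainer checkout without widening the install surface for consumers. The rewritten `test` script also still joins its two commands with `;`, so a failing `grunt travis` is hidden behind karma's exit status. With the major-version jumps in this hunk (grunt 0.4 to 1.3, karma 0.12 to 5.0, jquery 1.9 to 3.5) and `qunitjs` removed while `karma-qunit` stays at `~0.1.4`, using `grunt travis --verbose && ./node_modules/karma/bin/karma start --single-run --browsers PhantomJS` would let CI surface any breakage.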