From cd138259db8aa7e17f69d8be7a876816a3494e80 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 13 Oct 2018 00:43:14 +0000
Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-72405
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:react-dom:20180802
- https://snyk.io/vuln/npm:serve:20180529
- https://snyk.io/vuln/npm:serve:20180531
- https://snyk.io/vuln/npm:tunnel-agent:20170305
- https://snyk.io/vuln/npm:underscore.string:20170908
- https://snyk.io/vuln/npm:url-parse:20180731
- https://snyk.io/vuln/npm:ws:20171108
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:tunnel-agent:20170305
---
 .snyk | 15 +++++++++++++++
 package.json | 26 +++++++++++++++-----------
 2 files changed, 30 insertions(+), 11 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..99181bc
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,15 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:lodash:20180130':
+ - gatsby > webpack-configurator > lodash:
+ patched: '2018-10-13T00:43:12.507Z'
+ 'npm:tunnel-agent:20170305':
+ - gatsby-remark-images > gatsby-plugin-sharp > imagemin-webp > cwebp-bin > bin-build > download > caw > tunnel-agent:
+ patched: '2018-10-13T00:43:12.507Z'
+ - gatsby-remark-images > gatsby-plugin-sharp > imagemin-pngquant > pngquant-bin > bin-wrapper > download > caw > tunnel-agent:
+ patched: '2018-10-13T00:43:12.507Z'
+ - gatsby-remark-images > gatsby-plugin-sharp > imagemin-webp > cwebp-bin > bin-wrapper > download > caw > tunnel-agent:
+ patched: '2018-10-13T00:43:12.507Z'
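Review bot: The `patch:` entries are keyed by dependency path, rooted at `gatsby` and at `gatsby-remark-images > gatsby-plugin-sharp`, and this same commit changes the versions of all three of those packages in package.json, so the paths may no longer match the installed tree. Whether they still resolve cannot be told from the patch; if they do not, the entries do nothing and the advisories they name are covered only by the upgrades. I would confirm against a fresh install and add a comment above `patch:` such as `# paths resolved 2018-10-13; regenerate this file whenever gatsby* versions change`.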
diff --git a/package.json b/package.json
index dabfb8e..ade584a 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,9 @@
 "precommit": "lint-staged",
 "storybook": "start-storybook -p 9001 -c .storybook",
 "storybook:build": "build-storybook -c .storybook -o public/docs",
- "codeclimate": "codeclimate-test-reporter < coverage/lcov.info"
+ "codeclimate": "codeclimate-test-reporter < coverage/lcov.info",
+ "snyk-protect": "snyk protect",
+ "prepare": "npm run snyk-protect"
 },
 "dependencies": {
 "@types/lodash": "^4.14.63",
@@ -35,34 +37,35 @@
 "change-case": "^3.0.1",
 "codeclimate-test-reporter": "^0.4.1",
 "disqus-react": "^1.0.5",
- "gatsby": "latest",
+ "gatsby": "2.0.0",
 "gatsby-link": "latest",
 "gatsby-plugin-glamor": "latest",
 "gatsby-plugin-google-analytics": "latest",
 "gatsby-plugin-manifest": "latest",
 "gatsby-plugin-offline": "latest",
- "gatsby-plugin-sharp": "latest",
+ "gatsby-plugin-sharp": "2.0.5",
 "gatsby-plugin-typescript": "latest",
 "gatsby-remark-autolink-headers": "latest",
- "gatsby-remark-copy-linked-files": "latest",
- "gatsby-remark-images": "latest",
+ "gatsby-remark-copy-linked-files": "1.5.35",
+ "gatsby-remark-images": "2.0.1",
 "gatsby-remark-prismjs": "latest",
 "gatsby-source-filesystem": "latest",
 "gatsby-transformer-json": "latest",
- "gatsby-transformer-remark": "latest",
- "gatsby-transformer-sharp": "latest",
- "graphql-code-generator": "^0.5.2",
+ "gatsby-transformer-remark": "1.7.42",
+ "gatsby-transformer-sharp": "1.6.26",
+ "graphql-code-generator": "^0.5.5",
 "gray-matter": "^2.1.1",
 "lodash": "^4.17.4",
 "react": "^16.0.0",
- "react-dom": "^16.0.0",
+ "react-dom": "^16.4.2",
 "react-helmet": "5.0.3",
 "react-redux": "^5.0.6",
 "redux-devtools-extension": "^2.13.2",
 "semantic-ui-react": "^0.74.2",
 "slash": "1.0.0",
 "ts-loader": "^2.3.7",
- "typescript": "2.5.3"
+ "typescript": "2.5.3",
+ "snyk": "^1.103.4"
 },
 "devDependencies": {
 "@storybook/addon-actions": "^3.2.14",
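Review bot: The new `prepare` script makes every local `npm install` execute the `snyk` CLI, and the second hunk declares that CLI as `"snyk": "^1.103.4"`, a caret range. No lockfile change is part of this patch, so the code that runs at install time and rewrites files under node_modules can change without any change to this repository. I would pin it as `"snyk": "1.103.4"` and commit a lockfile so the hook is reproducible. Since package.json cannot carry comments, the README should state that installed packages are patched in place after install and will differ from the registry tarballs.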
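Review bot: Ten gatsby entries in this hunk still resolve to `latest` (for example `gatsby-link` and `gatsby-source-filesystem`), so the install stays non-reproducible and takes whatever is published next, which undercuts a commit meant to fix the dependency set. The six pinned entries also mix major lines, `gatsby` 2.0.0 alongside `gatsby-transformer-remark` 1.7.42 and `gatsby-transformer-sharp` 1.6.26; whether those are compatible is not visible here and should be checked with a build. The direct `lodash` range keeps its `^4.17.4` floor although the commit message lists npm:lodash:20180130, so confirm the resolved version falls outside that advisory. I would replace each `latest` with the version currently installed, e.g. `"gatsby-link": "<installed version>"`.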
@@ -165,5 +168,6 @@
 },
 "stylelint": {
 "extends": "stylelint-config-standard"
- }
+ },
+ "snyk": true
 }