From 1e8655954ceaf1f1c83ec748bd36a6d6626c3864 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 30 Sep 2022 16:01:21 +0000 Subject: [PATCH] fix: test/acceptance/workspaces/mono-repo-project/npm-project/package.json & test/acceptance/workspaces/mono-repo-project/npm-project/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-EJS-1049328 - https://snyk.io/vuln/SNYK-JS-EJS-2803307 - https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997 - https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969 - https://snyk.io/vuln/SNYK-JS-HAWK-2808852 - https://snyk.io/vuln/SNYK-JS-INI-1048974 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-KERBEROS-568900 - https://snyk.io/vuln/SNYK-JS-MARKED-174116 - https://snyk.io/vuln/SNYK-JS-MARKED-2342073 - https://snyk.io/vuln/SNYK-JS-MARKED-2342082 - https://snyk.io/vuln/SNYK-JS-MARKED-451540 - https://snyk.io/vuln/SNYK-JS-MARKED-584281 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/SNYK-JS-MONGODB-473855 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486 - https://snyk.io/vuln/SNYK-JS-MPATH-1577289 - https://snyk.io/vuln/SNYK-JS-MQUERY-1050858 - https://snyk.io/vuln/SNYK-JS-MQUERY-1089718 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ejs:20161128 - https://snyk.io/vuln/npm:ejs:20161130 - https://snyk.io/vuln/npm:ejs:20161130-1 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:marked:20150520 - https://snyk.io/vuln/npm:marked:20170112 - https://snyk.io/vuln/npm:marked:20170815 - https://snyk.io/vuln/npm:marked:20170815-1 - https://snyk.io/vuln/npm:marked:20170907 - https://snyk.io/vuln/npm:marked:20180225 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:moment:20161019 - https://snyk.io/vuln/npm:moment:20170905 - https://snyk.io/vuln/npm:mongoose:20160116 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:npmconf:20180512 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:semver:20150403 - https://snyk.io/vuln/npm:st:20140206 - https://snyk.io/vuln/npm:st:20171013 - https://snyk.io/vuln/npm:tunnel-agent:20170305 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305 --- .../mono-repo-project/npm-project/.snyk | 20 +++++++++++ .../npm-project/package.json | 34 +++++++++++-------- 2 files changed, 39 insertions(+), 15 deletions(-) create mode 100644 test/acceptance/workspaces/mono-repo-project/npm-project/.snyk diff --git a/test/acceptance/workspaces/mono-repo-project/npm-project/.snyk b/test/acceptance/workspaces/mono-repo-project/npm-project/.snyk new file mode 100644 index 0000000000..64f1069db5 --- /dev/null +++ b/test/acceptance/workspaces/mono-repo-project/npm-project/.snyk @@ -0,0 +1,20 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hawk:20160119': + - tap > codecov.io > request > hawk: + patched: '2022-09-30T16:01:15.770Z' + 'npm:http-signature:20150122': + - tap > codecov.io > request > http-signature: + patched: '2022-09-30T16:01:15.770Z' + 'npm:mime:20170907': + - tap > codecov.io > request > form-data > mime: + patched: '2022-09-30T16:01:15.770Z' + 'npm:request:20160119': + - tap > codecov.io > request: + patched: '2022-09-30T16:01:15.770Z' + 'npm:tunnel-agent:20170305': + - tap > codecov.io > request > tunnel-agent: + patched: '2022-09-30T16:01:15.770Z' diff --git a/test/acceptance/workspaces/mono-repo-project/npm-project/package.json b/test/acceptance/workspaces/mono-repo-project/npm-project/package.json index 5211b26c8e..00afd7b6f5 100644 --- a/test/acceptance/workspaces/mono-repo-project/npm-project/package.json +++ b/test/acceptance/workspaces/mono-repo-project/npm-project/package.json @@ -9,27 +9,31 @@ }, "scripts": { "start": "node app.js", - "cleanup": "mongo express-todo --eval 'db.todos.remove({});'" + "cleanup": "mongo express-todo --eval 'db.todos.remove({});'", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "dependencies": { - "body-parser": "1.9.0", + "body-parser": "1.17.1", "cookie-parser": "1.3.3", - "ejs": "1.0.0", + "ejs": "3.1.7", "ejs-locals": "1.0.2", - "errorhandler": "1.2.0", - "express": "4.12.4", - "express-fileupload": "0.0.5", - "humanize-ms": "1.0.1", - "marked": "0.3.5", + "errorhandler": "1.4.3", + "express": "4.16.0", + "express-fileupload": "1.1.10", + "humanize-ms": "1.2.1", + "marked": "4.0.10", "method-override": "latest", - "moment": "2.15.1", - "mongoose": "4.2.4", + "moment": "2.29.2", + "mongoose": "5.13.15", "morgan": "latest", - "ms": "^0.7.1", - "npmconf": "0.0.24", + "ms": "^2.0.0", + "npmconf": "2.1.3", "optional": "^0.1.3", - "st": "0.2.4", + "st": "1.2.2", "stream-buffers": "^3.0.1", - "tap": "^5.7.0" - } + "tap": "^14.6.8", + "@snyk/protect": "latest" + }, + "snyk": true }