diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..9d63826c --- /dev/null +++ b/.snyk @@ -0,0 +1,62 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.3 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - socket.io > socket.io-adapter > socket.io-parser > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io > socket.io-client > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-model > ampersand-io > socket.io-client > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-model > ampersand-io > socket.io-client > engine.io-client > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-collection > ampersand-io > socket.io-client > engine.io-client > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io > socket.io-client > socket.io-parser > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-collection > ampersand-io > socket.io-client > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-collection > ampersand-io > socket.io-client > socket.io-parser > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-model > ampersand-io > socket.io-client > socket.io-parser > debug: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io > socket.io-client > engine.io-client > debug: + patched: '2019-05-03T04:31:38.683Z' + 'npm:hoek:20180212': + - hapi > subtext > content > hoek: + patched: '2019-05-03T04:31:38.683Z' + - hapi > subtext > pez > content > hoek: + patched: '2019-05-03T04:31:38.683Z' + 'npm:mime:20170907': + - stylizer > request > form-data > mime: + patched: '2019-05-03T04:31:38.683Z' + 'npm:ms:20170412': + - ampersand-io > socket.io-client > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io > socket.io-client > engine.io-client > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-collection > ampersand-io > socket.io-client > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-model > ampersand-io > socket.io-client > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-model > ampersand-io > socket.io-client > engine.io-client > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-collection > ampersand-io > socket.io-client > engine.io-client > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io > socket.io-client > socket.io-parser > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - socket.io > socket.io-adapter > socket.io-parser > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-collection > ampersand-io > socket.io-client > socket.io-parser > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + - ampersand-io-model > ampersand-io > socket.io-client > socket.io-parser > debug > ms: + patched: '2019-05-03T04:31:38.683Z' + 'npm:uglify-js:20151024': + - templatizer > jade > transformers > uglify-js: + patched: '2019-05-03T04:31:38.683Z' + - moonboots_hapi > moonboots > browserify > umd > ruglify > uglify-js: + patched: '2019-05-03T04:31:38.683Z' + - moonboots_hapi > moonboots > browserify > umd > uglify-js: + patched: '2019-05-03T04:31:38.683Z' diff --git a/package.json b/package.json index 1be7c42b..984fa9ca 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,9 @@ "pretest": "touch client/css/app.css && echo \"module.exports={}\" >> client/js/templates.js", "test": "./node_modules/.bin/lab server/test -l -m 4000 --verbose", "test-cov": "lab server/test -c", - "lint": "standard | snazzy" + "lint": "standard | snazzy", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "standard": { "ignore": [ @@ -54,10 +56,10 @@ "ampersand-io": "^0.4.2", "ampersand-io-collection": "^0.1.6", "ampersand-io-model": "^0.3.1", - "ampersand-model": "^4.1.0", + "ampersand-model": "^8.0.0", "ampersand-pagination-mixin": "^0.1.0", "ampersand-pikaday-view": "0.0.1", - "ampersand-rest-collection": "^2.0.4", + "ampersand-rest-collection": "^6.0.0", "ampersand-router": "^1.0.7", "ampersand-select-view": "https://github.com/sinfo/ampersand-select-view/tarball/master", "ampersand-state": "^4.3.15", @@ -66,39 +68,40 @@ "ampersand-view-switcher": "^1.1.2", "andlog": "^1.0.0", "async": "^0.2.10", - "boom": "^2.5.1", + "boom": "^3.1.3", "bows": "^1.3.2", "cookie-getter": "0.0.2", "cron": "~1.0.4", "domify": "^1.3.0", "domready": "^1.0.5", - "emailjs": "~0.3.8", + "emailjs": "~2.0.0", "favicon-setter": "^0.1.1", - "handlebars": "^2.0.0", - "hapi": "^7.5.3", - "hapi-auth-cookie": "^1.4.2", - "hapi-swagger": "^0.4.2", - "hoek": "^2.9.0", + "handlebars": "^4.0.14", + "hapi": "^13.4.0", + "hapi-auth-cookie": "^7.0.0", + "hapi-swagger": "^6.2.0", + "hoek": "^4.2.1", "icalendar": "^0.7.1", - "joi": "^4.9.0", - "jquery": "^2.1.1", - "lout": "^5.1.2", - "mailcomposer": "~0.2.12", + "joi": "^8.1.0", + "jquery": "^3.4.0", + "lout": "^9.0.1", + "mailcomposer": "~1.0.0", "mailgun-js": "git+https://github.com/sinfo/mailgun-js.git", "markdown": "~0.5.0", - "marked": "^0.3.3", + "marked": "^0.6.2", "moment": "^2.8.4", - "mongoose": "^3.9.7", - "moonboots_hapi": "^3.0.2", + "mongoose": "^4.10.2", + "moonboots_hapi": "^7.0.0", "pmx": "^0.3.20", "rand-token": "~0.2.1", "request": "^2.58.0", - "slug": "^0.7.1", - "socket.io": "^1.2.0", - "socket.io-client": "^1.2.0", - "stylizer": "^1.2.0", - "templatizer": "^1.5.2", - "underscore": "^1.6.0" + "slug": "^0.9.2", + "socket.io": "^2.0.2", + "socket.io-client": "^2.0.2", + "stylizer": "^2.1.1", + "templatizer": "^2.0.6", + "underscore": "^1.6.0", + "snyk": "^1.161.1" }, "devDependencies": { "bunyan": "~1.2.1", @@ -109,5 +112,6 @@ "pre-commit": "^1.1.3", "snazzy": "^4.0.0", "standard": "^7.1.2" - } + }, + "snyk": true }