From 9b7a35d21500f50ae0a00b11e9097caba65855d9 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 12:26:46 +0900 Subject: [PATCH 1/2] fix: appengine/websockets/package.json & appengine/websockets/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- appengine/websockets/package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/appengine/websockets/package.json b/appengine/websockets/package.json index e1831711d0..a17a88e71b 100644 --- a/appengine/websockets/package.json +++ b/appengine/websockets/package.json @@ -14,12 +14,15 @@ "lint": "samples lint", "pretest": "npm run lint", "test": "node app.js & ava -T 30s test/*.js; killall node", - "e2e-test": "samples test deploy" + "e2e-test": "samples test deploy", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "dependencies": { "express": "4.15.4", "pug": "2.0.3", - "socket.io": "2.2.0" + "socket.io": "2.2.0", + "snyk": "^1.316.1" }, "devDependencies": { "@google-cloud/nodejs-repo-tools": "3.1.0", @@ -33,5 +36,6 @@ }, "requiresKeyFile": true, "requiresProjectId": true - } + }, + "snyk": true } From 31ed1dbca0c0ff900599000cd88d5c81b99b73ba Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 12:26:47 +0900 Subject: [PATCH 2/2] fix: appengine/websockets/package.json & appengine/websockets/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- appengine/websockets/.snyk | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 appengine/websockets/.snyk diff --git a/appengine/websockets/.snyk b/appengine/websockets/.snyk new file mode 100644 index 0000000000..52c238a9a6 --- /dev/null +++ b/appengine/websockets/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - pug > pug-code-gen > constantinople > babel-types > lodash: + patched: '2020-05-01T03:26:37.484Z' + - pug > pug-filters > constantinople > babel-types > lodash: + patched: '2020-05-01T03:26:37.484Z' + - pug > pug-code-gen > pug-attrs > constantinople > babel-types > lodash: + patched: '2020-05-01T03:26:37.484Z'