From e54c3e09c0cb6a27edc423bdd786b1d92c6a98d1 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 5 Oct 2022 21:20:01 +0000 Subject: [PATCH] fix: carpool-backend/package.json & carpool-backend/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-EJS-1049328 - https://snyk.io/vuln/SNYK-JS-EJS-2803307 - https://snyk.io/vuln/SNYK-JS-GETOBJECT-1054932 - https://snyk.io/vuln/SNYK-JS-GRUNT-2635969 - https://snyk.io/vuln/SNYK-JS-GRUNT-2813632 - https://snyk.io/vuln/SNYK-JS-GRUNT-597546 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742 - https://snyk.io/vuln/SNYK-JS-HAWK-2808852 - https://snyk.io/vuln/SNYK-JS-INI-1048974 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 - https://snyk.io/vuln/SNYK-JS-SAILSHOOKSOCKETS-589929 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-174147 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2932027 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225 - https://snyk.io/vuln/SNYK-JS-SEQUELIZE-543029 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601 - 
https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/npm:base64-url:20180512 - https://snyk.io/vuln/npm:clean-css:20180306 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:deep-extend:20180409 - https://snyk.io/vuln/npm:ejs:20161128 - https://snyk.io/vuln/npm:ejs:20161130 - https://snyk.io/vuln/npm:ejs:20161130-1 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:handlebars:20151207 - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:mysql:20170317 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:sails:20150604 - https://snyk.io/vuln/npm:sails:20161013 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:underscore.string:20170908 - https://snyk.io/vuln/npm:validator:20160218 - https://snyk.io/vuln/npm:validator:20180218 - https://snyk.io/vuln/npm:ws:20160624 - https://snyk.io/vuln/npm:ws:20160920 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:qs:20140806-1 --- carpool-backend/.snyk | 63 ++++++++++++++++++++++++++++++++++++ carpool-backend/package.json | 28 +++++++++------- 2 files changed, 79 insertions(+), 12 deletions(-) create mode 100644 carpool-backend/.snyk 
diff --git a/carpool-backend/.snyk b/carpool-backend/.snyk
new file mode 100644
index 0000000..ce3cafd
--- /dev/null
+++ b/carpool-backend/.snyk
@@ -0,0 +1,63 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - sails > connect > body-parser > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > compression > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > connect-timeout > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > express-session > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > morgan > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-index > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-static > send > debug:
+ patched: '2022-10-05T21:19:53.510Z'
+ 'npm:lodash:20180130':
+ - sails-hook-sequelize-blueprints > lodash:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails-disk > waterline-criteria > lodash:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails-disk > waterline-cursor > lodash:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > sails-disk > waterline-criteria > lodash:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > sails-disk > waterline-cursor > lodash:
+ patched: '2022-10-05T21:19:53.510Z'
+ 'npm:mime:20170907':
+ - sails > connect > serve-static > send > mime:
+ patched: '2022-10-05T21:19:53.510Z'
+ 'npm:ms:20170412':
+ - sails > connect > connect-timeout > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > body-parser > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > compression > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > connect-timeout > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > express-session > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > morgan > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-index > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-static > send > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-static > send > debug > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-favicon > ms:
+ patched: '2022-10-05T21:19:53.510Z'
+ 'npm:negotiator:20160616':
+ - sails > connect > compression > accepts > negotiator:
+ patched: '2022-10-05T21:19:53.510Z'
+ - sails > connect > serve-index > accepts > negotiator:
+ patched: '2022-10-05T21:19:53.510Z'
+ 'npm:qs:20140806-1':
+ - sails > grunt-contrib-watch > tiny-lr-fork > qs:
+ patched: '2022-10-05T21:19:53.510Z'
diff --git a/carpool-backend/package.json b/carpool-backend/package.json
index bc07841..ca6aa81 100644
--- a/carpool-backend/package.json
+++ b/carpool-backend/package.json
@@ -7,26 +7,29 @@
 "dependencies": {
 "async": "^2.0.1",
 "crypto": "0.0.3",
- "ejs": "~0.8.4",
- "grunt": "1.0.0",
+ "ejs": "~3.1.7",
+ "grunt": "1.5.3",
 "include-all": "~0.1.3",
 "lodash": "^4.16.4",
 "md5": "^2.2.1",
 "moment": "^2.15.1",
 "mysql": "^2.11.1",
- "rc": "~0.5.0",
- "sails": "~0.11.0",
- "sails-disk": "~0.10.0",
- "sails-hook-sequelize": "^1.0.1",
+ "rc": "~1.2.7",
+ "sails": "~1.5.3",
+ "sails-disk": "~1.0.0",
+ "sails-hook-sequelize": "^2.0.0",
 "sails-hook-sequelize-blueprints": "^0.3.0",
- "sails-mysql": "^0.11.5",
- "sails-sqlserver": "^0.10.8",
- "sequelize": "^3.24.3",
- "tedious": "^1.14.0"
+ "sails-mysql": "^1.0.0",
+ "sails-sqlserver": "^2.0.1",
+ "sequelize": "^6.21.2",
+ "tedious": "^1.14.0",
+ "@snyk/protect": "latest"
 },
 "scripts": {
 "debug": "node debug app.js",
- "start": "node app.js"
+ "start": "node app.js",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "main": "app.js",
 "repository": {
@@ -37,5 +40,6 @@
 "license": "",
 "engines": {
 "node": "6.6.0"
- }
+ },
+ "snyk": true
 }
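Review bot: `"@snyk/protect": "latest"` in `dependencies` is an unpinned dist-tag, so each fresh install resolves to whatever version is published at that moment. The `prepublish` → `snyk-protect` script added in the same hunk then runs that code against `node_modules`. Pin it to an exact version or a range that a committed lockfile records, e.g. `"@snyk/protect": "<pinned-version>"`, so that a change in the patching tool arrives as a reviewable diff. No lockfile is touched by this patch, so it is worth confirming that one exists.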
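Review bot: `engines.node` stays at `6.6.0` in the context of this hunk, while the first package.json hunk jumps several majors (`sequelize` ^3.24.3 → ^6.21.2, `sails` ~0.11.0 → ~1.5.3, `ejs` ~0.8.4 → ~3.1.7). As far as I know, sequelize 6 requires Node 10 or later, so either the engine declaration is stale or the upgraded tree will not start on the declared runtime. In the second case the advisories listed in the commit message stay open in whatever is actually deployed. Update the field in the same change, e.g. `"node": "<supported-version>"`, and run the application's tests against the new majors before merging. No code or test changes accompany the bumps in this patch.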