From 7269520c1ed1e43427442986d045cc63e47392f5 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 9 May 2018 00:25:03 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ua-parser-js:20171012
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:ws:20160920
- https://snyk.io/vuln/npm:ws:20171108
- https://snyk.io/vuln/npm:tunnel-agent:20170305
- https://snyk.io/vuln/npm:tough-cookie:20170905
- https://snyk.io/vuln/npm:clean-css:20180306
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:deep-extend:20180409
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:braces:20180219
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
Latest report for bolt-design-system/bolt-build-tools: https://snyk.io/test/github/bolt-design-system/bolt-build-tools
---
 .snyk | 14 ++++++++++++++
 package.json | 26 ++++++++++++++++----------
 2 files changed, 30 insertions(+), 10 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..6b6a68f
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - browser-sync > connect > debug:
+ patched: '2018-05-09T00:25:03.113Z'
+ - browser-sync > connect > finalhandler > debug:
+ patched: '2018-05-09T00:25:03.113Z'
+ - browser-sync > serve-index > debug:
+ patched: '2018-05-09T00:25:03.113Z'
+ - browser-sync > localtunnel > debug:
+ patched: '2018-05-09T00:25:03.113Z'
diff --git a/package.json b/package.json
index f32bc98..cbaef72 100644
--- a/package.json
+++ b/package.json
@@ -27,10 +27,10 @@
 "babel-preset-es2015": "^6.13.2",
 "babel-preset-react": "^6.11.1",
 "babel-runtime": "^6.11.6",
- "browser-sync": "2.12.9",
+ "browser-sync": "2.24.0",
 "browser-sync-close-hook": "^1.0.5",
 "bundle-loader": "^0.5.4",
- "clean-css": "^3.4.19",
+ "clean-css": "^4.1.11",
 "conventional-github-releaser": "^1.1.3",
 "dotenv": "^4.0.0",
 "event-stream": "^3.3.4",
@@ -39,7 +39,7 @@
 "fs": "0.0.2",
 "glob": "^7.0.6",
 "gm": "^1.23.0",
- "gulp": "^3.9.1",
+ "gulp": "^4.0.0",
 "gulp-babel": "^6.1.2",
 "gulp-bless": "^3.1.0",
 "gulp-bump": "^2.7.0",
@@ -72,7 +72,7 @@
 "gulp-shell": "^0.5.2",
 "gulp-size": "^2.1.0",
 "gulp-sourcemaps": "^1.6.0",
- "gulp-stylelint": "^3.4.0",
+ "gulp-stylelint": "^4.0.0",
 "gulp-stylelint-checkstyle-reporter": "^0.2.0",
 "gulp-svgmin": "^1.2.2",
 "gulp-svgstore": "^6.0.0",
@@ -95,7 +95,7 @@
 "path": "^0.12.7",
 "penthouse": "^0.9.14",
 "phantomjs-prebuilt": "^2.1.12",
- "postcss-assets": "^4.1.0",
+ "postcss-assets": "^5.0.0",
 "postcss-discard-duplicates": "^2.0.1",
 "postcss-import": "^7.1.3",
 "postcss-reporter": "^1.4.1",
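Review bot: The `patch:` section leaves the vulnerable `debug` release in the dependency tree and repairs it only when `snyk protect` rewrites node_modules, so an install that skips lifecycle scripts (for example `npm install --ignore-scripts` in CI) still runs the unpatched code under all four `browser-sync > … > debug` paths. Nothing in the file says how the patch gets applied; a comment above `patch:` such as `# applied by "snyk protect" (package.json "snyk-protect" script); node_modules stays unpatched if that script is skipped` would make the dependency explicit. The `patched:` timestamps sit within a second of the commit date, so they appear to record when the policy was written rather than that any given checkout has been patched.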
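Review bot: `clean-css` crosses a major version in this hunk (`^3.4.19` to `^4.1.11`), and the later hunks do the same for `gulp` (`^3.9.1` to `^4.0.0`), `gulp-stylelint`, `postcss-assets`, `webpack`, `webpack-dev-server` and `webpack-stream`, while the diffstat lists only `.snyk` and `package.json`, so no gulpfile or webpack config was adapted alongside. gulp 4 and webpack 2 both changed their task and configuration APIs, so the build is likely to fail until those files are ported; the major bumps are better split into their own change and verified with a full build before merging. In the last hunk `webpack` lands on `^2.2.0` while `webpack-dev-server` goes to `^3.1.2`, which as far as I know targets webpack 4, so that pair should be aligned. The dependency object these lines belong to opens above the hunk.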
@@ -111,12 +111,18 @@
 "support-for": "^1.0.6",
 "through2": "^2.0.1",
 "uglify-js": "^2.7.0",
- "webpack": "^1.13.1",
+ "webpack": "^2.2.0",
 "webpack-dev-middleware": "^1.6.1",
- "webpack-dev-server": "^1.14.1",
+ "webpack-dev-server": "^3.1.2",
 "webpack-hot-middleware": "^2.12.2",
 "webpack-module-hot-accept": "^1.0.4",
- "webpack-stream": "^3.2.0",
- "yargs": "^4.8.1"
- }
+ "webpack-stream": "^4.0.0",
+ "yargs": "^4.8.1",
+ "snyk": "^1.79.0"
+ },
+ "scripts": {
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
+ },
+ "snyk": true
 }
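Review bot: The added `"prepublish": "npm run snyk-protect"` hangs the Snyk patch on a lifecycle hook that npm has deprecated and that fires only on a local `npm install` without arguments and on publish. `"prepare": "npm run snyk-protect"` is the current equivalent, and it is worth adding an explicit `npm run snyk-protect` step to the CI build so that patching does not depend on which install command was used. Neither hook runs when another project installs this package from the registry, so consumers get no benefit from the patch. The object that receives `"snyk": "^1.79.0"` opens above the hunk, so whether the CLI is being added as a runtime or a development dependency is not visible here and should be confirmed.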