From 990fc80a3051e144070297274da9faec98b3b1d5 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 25 May 2017 08:41:10 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:ms:20170412

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:ms:20170412

Latest report for zicog/node-tls-example:
https://snyk.io/test/github/zicog/node-tls-example
---
 .snyk | 14 ++++++++++++--
 package.json | 6 +++---
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/.snyk b/.snyk
index f348695..ecbcde2 100644
--- a/.snyk
+++ b/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.7.0
+version: v1.7.1
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
 'npm:ws:20160920':
@@ -12,4 +12,14 @@ ignore:
 - socket.io > socket.io-client > engine.io-client > ws:
 reason: None given
 expires: '2017-03-18T14:30:25.299Z'
-patch: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:ms:20170412':
+ - socket.io > socket.io-adapter > debug > ms:
+ patched: '2017-05-25T08:41:10.326Z'
+ - socket.io > socket.io-client > debug > ms:
+ patched: '2017-05-25T08:41:10.326Z'
+ - socket.io-client > debug > ms:
+ patched: '2017-05-25T08:41:10.326Z'
+ - socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2017-05-25T08:41:10.326Z'
diff --git a/package.json b/package.json
index 691a90c..b38c12c 100644
--- a/package.json
+++ b/package.json
@@ -9,9 +9,9 @@
 "express": "^4.13.4",
 "morgan": "^1.7.0",
 "mqtt": "^1.7.2",
- "socket.io": "^1.4.5",
- "socket.io-client": "^1.4.5",
- "snyk": "^1.25.0"
+ "socket.io": "^2.0.0",
+ "socket.io-client": "^2.0.0",
+ "snyk": "^1.30.1"
 },
 "devDependencies": {},
 "scripts": {
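Review bot: The `patch:` entries added for `npm:ms:20170412` only record that a patch is wanted; the files under node_modules change only when `snyk protect` runs after install, and nothing visible here shows that it does, since the `scripts` section of package.json is cut off at the end of its hunk. The four dependency paths are matched against the installed tree, and this same commit moves socket.io and socket.io-client to `^2.0.0`, so it is worth confirming each path (for example `socket.io > socket.io-adapter > socket.io-parser > debug > ms`) still resolves after the upgrade; a path that no longer exists presumably leaves that copy of ms unpatched. Separately, the context lines carry an ignore for `npm:ws:20160920` with `reason: None given` and an `expires` of 2017-03-18, which predates this commit, so that entry should be dropped or given a written justification rather than carried forward.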
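Review bot: socket.io and socket.io-client both cross a major version in this hunk (`^1.4.5` to `^2.0.0`), which is a larger change than the ms fix named in the commit message and should not be merged on the bot's word alone. A 2.x server and 1.x clients are not guaranteed to interoperate, so any peer that is not built from this package.json should be checked against the 2.0 release notes first. The caret ranges also float and no lockfile is part of this patch, so the tree that was scanned is not necessarily the tree that gets installed; committing a lockfile or pinning exact versions such as `"socket.io": "2.0.0"` would make the fix reproducible. The dependencies object starts above the hunk and `scripts` continues below it.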