From b13e65638c57f4851cfb098f8662d92f0a211a7e Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 May 2020 08:53:29 +0500
Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 package.json | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/package.json b/package.json
index d908183deb..e123ebe297 100644
--- a/package.json
+++ b/package.json
@@ -57,7 +57,9 @@
 "benchmark:browser": "echo \"Error: no benchmarks yet\" && exit 1",
 "release": "aegir release -t node -t browser",
 "release-minor": "aegir release --type minor -t node -t browser",
- "release-major": "aegir release --type major -t node -t browser"
+ "release-major": "aegir release --type major -t node -t browser",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "dependencies": {
 "@hapi/ammo": "^3.1.1",
@@ -190,7 +192,8 @@
 "uri-to-multiaddr": "^3.0.1",
 "varint": "^5.0.0",
 "yargs": "^14.0.0",
- "yargs-promise": "^1.1.0"
+ "yargs-promise": "^1.1.0",
+ "snyk": "^1.316.1"
 },
 "devDependencies": {
 "aegir": "^20.3.1",
@@ -352,5 +355,6 @@
 "victorbjelkholm ",
 "Łukasz Magiera ",
 "Максим Ильин "
- ]
+ ],
+ "snyk": true
 }
From f44805bfd8b4f0a54b26d0e8a4132aa62cd86c54 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 1 May 2020 08:53:30 +0500
Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 306 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 306 insertions(+)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000..55f3e96339
--- /dev/null
+++ b/.snyk
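Review bot: In the `scripts` hunk of package.json (`@@ -57,7 +57,9 @@`), hooking `snyk protect` to `prepublish` ties the patch step to a deprecated lifecycle script whose trigger differs between npm versions: older npm runs it on `npm publish` and on a bare local `npm install`, while newer npm no longer runs it on publish. Name the intent explicitly, for example `"prepare": "npm run snyk-protect"`, and state which installs are expected to carry the patched lodash. The step rewrites files under the local `node_modules`, so a consumer installing this package from the registry presumably still resolves its own unpatched lodash unless the vulnerable range is also raised in the dependency tree.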
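Review bot: In the `dependencies` hunk of package.json (`@@ -190,7 +192,8 @@`), `"snyk": "^1.316.1"` is added as a runtime dependency, so every consumer of this package installs the Snyk CLI and its transitive tree although the only use visible in this patch is the `snyk-protect` script. That widens the supply-chain surface of the published package, and the caret range accepts any later 1.x release without review. If the protect step is meant only for maintainers' builds, move the entry to `devDependencies`; if it has to stay in `dependencies` so that production installs can run it, record that reason in the commit message. The new key is also appended after `yargs-promise` instead of being placed in what looks like an alphabetical list.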
@@ -0,0 +1,306 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - lodash: + patched: '2020-05-01T03:53:27.363Z' + - async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-response > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - pull-mplex > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > latency-monitor > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipns > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' 
+ - libp2p-keychain > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipns > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-book > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipld-ethereum > ethereumjs-block > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipld-ethereum > merkle-patricia-tree > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > multistream-select > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > multistream-select > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-pubsub > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-pubsub > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > 
libp2p-floodsub > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > libp2p-record > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipns > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-keychain > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipns > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-book > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > peer-id > 
libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-pubsub > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-pubsub > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-book > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-book > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > peer-id > async 
> lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-pubsub > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-pubsub > sinon > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-pubsub > sinon > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipns > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-book > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-pubsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + 
patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-pubsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-book > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-book > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - 
libp2p-gossipsub > libp2p-floodsub > libp2p-pubsub > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-book > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > peer-info > peer-id > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-pubsub > sinon > @sinonjs/formatio > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-pubsub > sinon > @sinonjs/formatio > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-pubsub > sinon > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - ipfs-http-client > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - peer-book > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-bootstrap > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-kad-dht > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-mdns > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-secio > 
peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-webrtc-star > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-book > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-pubsub > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p > peer-book > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-floodsub > libp2p-pubsub > sinon > nise > @sinonjs/formatio > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-pubsub > sinon > nise > @sinonjs/formatio > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-pubsub > sinon > @sinonjs/formatio > @sinonjs/samsam > lodash: + patched: 
'2020-05-01T03:53:27.363Z' + - libp2p > peer-book > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-content-routing > ipfs-http-client > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-delegated-peer-routing > ipfs-http-client > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-websocket-star-multi > libp2p-websocket-star > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2020-05-01T03:53:27.363Z' + - libp2p-gossipsub > libp2p-floodsub > libp2p-pubsub > sinon > nise > @sinonjs/formatio > @sinonjs/samsam > lodash: + patched: '2020-05-01T03:53:27.363Z'