From e3feceb57579281f0bd1db626fc4dbe43b029d1c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 4 Oct 2019 06:40:14 +0000 Subject: [PATCH] fix: frontend/package.json, frontend/package-lock.json & frontend/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131 --- frontend/.snyk | 5 ++++ frontend/package-lock.json | 49 ++++++++++++++++---------------------- frontend/package.json | 2 +- 3 files changed, 26 insertions(+), 30 deletions(-) diff --git a/frontend/.snyk b/frontend/.snyk index 25ad7ea1..3f0138f7 100644 --- a/frontend/.snyk +++ b/frontend/.snyk @@ -6,3 +6,8 @@ patch: SNYK-JS-AXIOS-174505: - axios: patched: '2019-05-29T00:55:39.886Z' + SNYK-JS-HTTPSPROXYAGENT-469131: + - snyk > proxy-agent > https-proxy-agent: + patched: '2019-10-04T06:39:44.121Z' + - snyk > proxy-agent > pac-proxy-agent > https-proxy-agent: + patched: '2019-10-04T06:39:44.121Z' diff --git a/frontend/package-lock.json b/frontend/package-lock.json index a3623966..e0770d7d 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -6416,10 +6416,9 @@ "integrity": "sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM=", "dev": true }, - "https-proxy-agent": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.2.tgz", - "integrity": "sha512-c8Ndjc9Bkpfx/vCJueCPy0jlP4ccCCSNDp8xwCZzPjKJUm+B+u9WX2x98Qx4n1PiMNTWo3D7KK5ifNV/yJyRzg==", + "https-proxy-agent-snyk-fork": { + "version": "git://github.com/snyk/node-https-proxy-agent.git#5e86ccb682d0c833c8daa25ee6f91c670161cd66", + "from": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln", "requires": { "agent-base": "^4.3.0", "debug": "^3.1.0" @@ -8507,15 +8506,14 @@ "dev": true }, "pac-proxy-agent": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-3.0.0.tgz", - "integrity": "sha512-AOUX9jES/EkQX2zRz0AW7lSx9jD//hQS8wFXBvcnd/J2Py9KaMJMqV/LPqJssj1tgGufotb2mmopGPR15ODv1Q==", + "version": "git://github.com/snyk/node-pac-proxy-agent.git#e962ea0fe8db650a55e349e1b422e3ac99bfe451", + "from": "git://github.com/snyk/node-pac-proxy-agent.git#fix/https-proxy-agent-vuln", "requires": { "agent-base": "^4.2.0", "debug": "^3.1.0", "get-uri": "^2.0.0", "http-proxy-agent": "^2.1.0", - "https-proxy-agent": "^2.2.1", + "https-proxy-agent-snyk-fork": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln", "pac-resolver": "^3.0.0", "raw-body": "^2.2.0", "socks-proxy-agent": "^4.0.1" @@ -10100,16 +10098,15 @@ } }, "proxy-agent": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/proxy-agent/-/proxy-agent-3.1.0.tgz", - "integrity": "sha512-IkbZL4ClW3wwBL/ABFD2zJ8iP84CY0uKMvBPk/OceQe/cEjrxzN1pMHsLwhbzUoRhG9QbSxYC+Z7LBkTiBNvrA==", + "version": "git://github.com/snyk/node-proxy-agent.git#c25ef74cbe593a4d60a71ff3053466e4b3171711", + "from": "git://github.com/snyk/node-proxy-agent.git#fix/https-agent-vuln", "requires": { "agent-base": "^4.2.0", "debug": "^3.1.0", "http-proxy-agent": "^2.1.0", - "https-proxy-agent": "^2.2.1", + "https-proxy-agent-snyk-fork": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln", "lru-cache": "^4.1.2", - "pac-proxy-agent": "^3.0.0", + "pac-proxy-agent": "git://github.com/snyk/node-pac-proxy-agent.git#fix/https-proxy-agent-vuln", "proxy-from-env": "^1.0.0", "socks-proxy-agent": "^4.0.1" }, @@ -10434,11 +10431,6 @@ "version": "1.1.1", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==" - }, - "statuses": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", - "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=" } } }, @@ -11370,9 +11362,9 @@ } }, "snyk": { - "version": "1.230.2", - "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.230.2.tgz", - "integrity": "sha512-jih2NlHLMNxwLiXOj+X/cFgVJR6m1Iu7JqfDM2A0SnZ/PCULL5QKN89V2Ii0YQbaBm6lnZ3NIn4X4yE2PlFyDA==", + "version": "1.230.5", + "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.230.5.tgz", + "integrity": "sha512-kzy6FHMyneVXcezBVO0xRbEDSZSPj9Z/fDH4HFwOm5cpm/HErQ8B86fO6KtfSNIsruWUFcobEzP1q41nOdleAQ==", "requires": { "@snyk/cli-interface": "^2.0.3", "@snyk/dep-graph": "1.12.0", @@ -11393,7 +11385,7 @@ "needle": "^2.2.4", "opn": "^5.5.0", "os-name": "^3.0.0", - "proxy-agent": "^3.1.0", + "proxy-agent": "git://github.com/snyk/node-proxy-agent.git#fix/https-agent-vuln", "proxy-from-env": "^1.0.0", "semver": "^6.0.0", "snyk-config": "^2.2.1", @@ -11406,7 +11398,7 @@ "snyk-nuget-plugin": "1.12.1", "snyk-php-plugin": "1.6.4", "snyk-policy": "1.13.5", - "snyk-python-plugin": "^1.13.2", + "snyk-python-plugin": "^1.13.3", "snyk-resolve": "1.0.1", "snyk-resolve-deps": "4.4.0", "snyk-sbt-plugin": "2.8.0", @@ -11751,11 +11743,11 @@ } }, "snyk-python-plugin": { - "version": "1.13.2", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.13.2.tgz", - "integrity": "sha512-G9R1cYHw0E/VSx9tFa5nZp+653FIMXheteidrF3hjUe71jRdJELEUV/z5jxqYEWEFemcwGhMfW87De91GChVIQ==", + "version": "1.13.3", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.13.3.tgz", + "integrity": "sha512-Ud7mHmpMG4uCChvYLx5jA8HwOV/FNpT65xTxSt+6wsOjIUTuLiqM86mbvgzgk3pir8vMP9yQEsCi1i0zYLBArw==", "requires": { - "@snyk/cli-interface": "^2.0.2", + "@snyk/cli-interface": "^2.0.3", "tmp": "0.0.33" } }, @@ -12172,8 +12164,7 @@ "statuses": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", - "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=", - "dev": true + "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=" }, "stream-browserify": { "version": "2.0.2", diff --git a/frontend/package.json b/frontend/package.json index 758af4c3..d9428eb2 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -16,7 +16,7 @@ "vue-flatpickr-component": "^8.1.3", "vue-router": "^3.1.3", "vuex": "^3.1.1", - "snyk": "^1.230.2" + "snyk": "^1.230.5" }, "description": "frontend", "devDependencies": {