From 5eb3717bf7abc4da66c09b86b8f90c5ebc54618e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 4 Oct 2019 05:12:10 +0000 Subject: [PATCH] fix: plugins/google-cloud/package.json & plugins/google-cloud/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131 --- plugins/google-cloud/.snyk | 36 +++++++++++++++++++++++++++++++ plugins/google-cloud/package.json | 10 ++++++--- 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 plugins/google-cloud/.snyk diff --git a/plugins/google-cloud/.snyk b/plugins/google-cloud/.snyk new file mode 100644 index 00000000..8de8f642 --- /dev/null +++ b/plugins/google-cloud/.snyk @@ -0,0 +1,36 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-HTTPSPROXYAGENT-469131: + - '@google-cloud/storage > @google-cloud/common > google-auth-library > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/datastore > google-auth-library > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > gcs-resumable-upload > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/datastore > google-auth-library > gtoken > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/datastore > google-auth-library > gcp-metadata > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/datastore > google-gax > google-auth-library > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > @google-cloud/common > teeny-request > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > gcs-resumable-upload > google-auth-library > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/datastore > google-gax > google-auth-library > gtoken > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/datastore > google-gax > google-auth-library > gcp-metadata > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > @google-cloud/common > google-auth-library > gtoken > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > @google-cloud/common > google-auth-library > gcp-metadata > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > gcs-resumable-upload > google-auth-library > gcp-metadata > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' + - '@google-cloud/storage > gcs-resumable-upload > google-auth-library > gtoken > gaxios > https-proxy-agent': + patched: '2019-10-04T05:12:08.723Z' diff --git a/plugins/google-cloud/package.json b/plugins/google-cloud/package.json index 028db445..57de1ba9 100644 --- a/plugins/google-cloud/package.json +++ b/plugins/google-cloud/package.json @@ -32,7 +32,8 @@ "@google-cloud/datastore": "4.3.0", "@google-cloud/storage": "3.2.1", "@verdaccio/commons-api": "^8.1.2", - "@verdaccio/streams": "^8.1.2" + "@verdaccio/streams": "^8.1.2", + "snyk": "^1.230.5" }, "devDependencies": { "@verdaccio/babel-preset": "^8.1.2", @@ -51,6 +52,9 @@ "lint": "eslint \"**/*.{js,ts}\"", "test": " jest --config ./jest.config.js", "type-check": "tsc --noEmit", - "type-check:watch": "npm run type-check -- --watch" - } + "type-check:watch": "npm run type-check -- --watch", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }