fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20170412 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20170412 Latest report for billchurch/webssh2: https://snyk.io/test/github/billchurch/webssh2
2018-02-08 20:34:45 +00:00 · 2018-02-08 20:34:45 +00:00 · 45065debd2
commit 45065debd2
parent 207832d318
2 changed files with 17 additions and 7 deletions
--- a/.snyk
+++ b/.snyk
@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.7.1
+version: v1.10.1
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
  'npm:ms:20170412':
@ -130,4 +130,11 @@ ignore:
    - express > serve-static > send > mime:
        reason: no suitable upgrade path
        expires: '2017-10-27T18:37:13.178Z'
-patch: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - socket.io > socket.io-adapter > socket.io-parser > debug:
+        patched: '2018-02-08T20:34:45.331Z'
+  'npm:ms:20170412':
+    - socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+        patched: '2018-02-08T20:34:45.331Z'
--- a/package.json
+++ b/package.json
@ -34,9 +34,10 @@
    "express-session": "^1.15.6",
    "morgan": "^1.9.0",
    "read-config": "^1.6.0",
-    "socket.io": "^1.7.4",
+    "socket.io": "2.0.2",
    "ssh2": "^0.5.5",
-    "validator": "^9.0.0"
+    "validator": "^9.0.0",
+    "snyk": "^1.69.7"
  },
  "scripts": {
    "start": "node index.js",
@ -45,7 +46,9 @@
    "watch": "nodemon index.js",
    "build": "webpack --config webpack.prod.js",
    "standard": "standard --verbose | snazzy",
-    "cleanmac": "find . -name '.DS_Store' -type f -delete"
+    "cleanmac": "find . -name '.DS_Store' -type f -delete",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
  },
  "devDependencies": {
    "@fortawesome/fontawesome": "^1.1.3",
@ -58,7 +61,6 @@
    "file-loader": "^1.1.6",
    "nodemon": "^1.11.0",
    "snazzy": "^7.0.0",
-    "snyk": "^1.39.1",
    "standard": "^10.0.3",
    "style-loader": "^0.20.1",
    "uglifyjs-webpack-plugin": "^1.1.8",
@ -72,5 +74,6 @@
    "ignore": [
      "public/webssh2.bundle.js"
    ]
-  }
+  },
+  "snyk": true
 }