blog/.snyk

# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
  'npm:braces:20180219':
    - '*':
        reason: Patch/update unavailable
        expires: 2018-12-31T00:00:00.000Z
  'npm:chownr:20180731':
    - '*':
        reason: Patch/update unavailable
        expires: '2018-12-31T00:00:00.000Z'
  'npm:base64url:20180511':
    - renovate > docker-registry-client > base64url:
        reason: Patch/update unavailable
        expires: '2018-12-31T00:00:00.000Z'
    - renovate > docker-registry-client > jws > base64url:
        reason: Patch/update unavailable
        expires: '2018-12-31T00:00:00.000Z'
  'npm:mem:20180117':
    - renovate > npm > libnpx > yargs > os-locale > mem:
        reason: Patch/update unavailable
        expires: '2018-12-31T00:00:00.000Z'
  'npm:tough-cookie:20170905':
    - renovate > docker-registry-client > tough-cookie:
        reason: Patch/update unavailable
        expires: '2018-12-31T00:00:00.000Z'
# patches apply the minimum changes required to fix a vulnerability
patch:
  'npm:lodash:20180130':
    - renovate > docker-registry-client > restify-clients > restify-errors > lodash:
        patched: '2018-10-27T00:00:00.000Z'
    - renovate > docker-registry-client > restify-errors > lodash:
        patched: '2018-10-27T00:00:00.000Z'
  'npm:tough-cookie:20160722':
    - renovate > docker-registry-client > tough-cookie:
        patched: '2018-10-27T00:00:00.000Z'
fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:tunnel-agent:20170305 2018-09-24 08:27:53 +00:00			`# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.`
			`version: v1.12.0`
Add snyk to CI Use proper snyk flow https://snyk.io/docs/using-snyk/ 2018-09-25 00:16:25 +00:00			`# ignores vulnerabilities until expiry date; change duration by modifying expiry date`
			`ignore:`
			`'npm:braces:20180219':`
			`- '*':`
			`reason: Patch/update unavailable`
			`expires: 2018-12-31T00:00:00.000Z`
Update snyk policy 2018-09-30 08:31:45 +00:00			`'npm:chownr:20180731':`
Add ignore policy to snyk 2018-10-11 01:08:56 +00:00			`- '*':`
Update snyk policy 2018-09-30 08:31:45 +00:00			`reason: Patch/update unavailable`
			`expires: '2018-12-31T00:00:00.000Z'`
test: update snyk policy to address renovate package 2018-10-28 07:32:45 +00:00			`'npm:base64url:20180511':`
			`- renovate > docker-registry-client > base64url:`
			`reason: Patch/update unavailable`
			`expires: '2018-12-31T00:00:00.000Z'`
			`- renovate > docker-registry-client > jws > base64url:`
			`reason: Patch/update unavailable`
			`expires: '2018-12-31T00:00:00.000Z'`
			`'npm:mem:20180117':`
			`- renovate > npm > libnpx > yargs > os-locale > mem:`
			`reason: Patch/update unavailable`
			`expires: '2018-12-31T00:00:00.000Z'`
			`'npm:tough-cookie:20170905':`
			`- renovate > docker-registry-client > tough-cookie:`
			`reason: Patch/update unavailable`
			`expires: '2018-12-31T00:00:00.000Z'`
test: fix snyk unable to patch snyk requires GNU's patch that support --backup argument, the argument is not supported by alpine built-in busybox's patch https://github.com/snyk/snyk/issues/108#issuecomment-412937627 https://github.com/snyk/snyk/issues/99#issuecomment-322202989 previous commit (faa286cb5f2242a9027fed439caa8a4074919bd5) did not fix 2018-10-30 09:59:09 +00:00			`# patches apply the minimum changes required to fix a vulnerability`
			`patch:`
test: update snyk policy to address renovate package 2018-10-28 07:32:45 +00:00			`'npm:lodash:20180130':`
			`- renovate > docker-registry-client > restify-clients > restify-errors > lodash:`
test: fix snyk unable to patch snyk requires GNU's patch that support --backup argument, the argument is not supported by alpine built-in busybox's patch https://github.com/snyk/snyk/issues/108#issuecomment-412937627 https://github.com/snyk/snyk/issues/99#issuecomment-322202989 previous commit (faa286cb5f2242a9027fed439caa8a4074919bd5) did not fix 2018-10-30 09:59:09 +00:00			`patched: '2018-10-27T00:00:00.000Z'`
test: update snyk policy to address renovate package 2018-10-28 07:32:45 +00:00			`- renovate > docker-registry-client > restify-errors > lodash:`
test: fix snyk unable to patch snyk requires GNU's patch that support --backup argument, the argument is not supported by alpine built-in busybox's patch https://github.com/snyk/snyk/issues/108#issuecomment-412937627 https://github.com/snyk/snyk/issues/99#issuecomment-322202989 previous commit (faa286cb5f2242a9027fed439caa8a4074919bd5) did not fix 2018-10-30 09:59:09 +00:00			`patched: '2018-10-27T00:00:00.000Z'`
test: update snyk policy to address renovate package 2018-10-28 07:32:45 +00:00			`'npm:tough-cookie:20160722':`
			`- renovate > docker-registry-client > tough-cookie:`
test: fix snyk unable to patch snyk requires GNU's patch that support --backup argument, the argument is not supported by alpine built-in busybox's patch https://github.com/snyk/snyk/issues/108#issuecomment-412937627 https://github.com/snyk/snyk/issues/99#issuecomment-322202989 previous commit (faa286cb5f2242a9027fed439caa8a4074919bd5) did not fix 2018-10-30 09:59:09 +00:00			`patched: '2018-10-27T00:00:00.000Z'`