Commit Graph

30 Commits

Author SHA1 Message Date
MDLeom 696bfbab40
chore(snyk): add 'SNYK-JS-MARKDOWN-560793' and 'SNYK-JS-LODASH-567746' 2020-05-05 07:02:15 +01:00
MDLeom f09ef1d5bd
chore(snyk): patch lodash
https://snyk.io/vuln/SNYK-JS-LODASH-567746
2020-05-04 11:29:53 +01:00
MDLeom eeb2570405
chore(snyk): ignore DOTPROP & YARGSPARSER 2020-03-28 06:08:12 +00:00
MDLeom 7814bc16fc
chore(snyk): ignore SNYK-JS-MINIMIST-559764 2020-03-14 05:13:13 +00:00
MDLeom de4e8927a8
chore(snyk): 'SNYK-JS-DOTPROP-543489' caused by npm
- Remove outdated policies
2020-02-20 18:50:21 +00:00
curben ac35598b04
ci(snyk): ignore https-proxy-agent 2019-10-17 04:52:09 +01:00
curben 214bf336aa
ci(snyk): remove https-proxy-agent 2019-10-17 04:45:58 +01:00
curben fddc040c42
ci(snyk): update policy 2019-10-17 04:41:00 +01:00
curben fbb01fe1fd
chore(synk): add SNYK-JS-HANDLEBARS-469063
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
2019-10-01 17:20:14 +01:00
curben fefcaf342d
test(snyk): add mem, introduced by npm 2019-08-11 12:00:41 +09:30
curben 2b4a4b8ca5
test(snyk): add mem, introduced by renovate 2019-08-11 11:06:16 +09:30
curben b1c71c1ff0
test: remove snyk policy 2019-08-08 19:09:05 +09:30
curben 875a9b501c
test(snyk): expires snapdragon temporarily
snapdragon package shouldn't be installed after switch to micromatch
2019-08-08 16:52:01 +09:30
curben 6260cce61c test(snyk): add lodash and marked 2019-07-08 18:37:09 +09:30
curben e4cf43dd85 test(snyk): mention affected deps 2019-06-22 14:22:45 +09:30
curben 94d57346a6 test(snyk): ignore set-value and mixin-deep
* https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
* https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
* Remove braces and marked
2019-06-21 13:39:29 +09:30
curben a86ded70ab chore: update snyk policy
https://snyk.io/vuln/SNYK-JS-MARKED-174116
2019-04-12 12:57:47 +09:30
curben c6b89c5fa7 chore: update snyk policy 2019-04-05 11:38:40 +10:30
curben 3eee65de99 chore: update snyk policy 2019-03-08 20:56:46 +10:30
curben 28ff8fcb22 chore: update expiry of snyk ignore policy
Updated 'renovate' package has fixed vulnerabilities.
2018-12-31 21:26:28 +10:30
curben efe8183b85 test: fix snyk unable to patch
snyk requires GNU's patch that support --backup argument,
the argument is not supported by alpine built-in busybox's patch

https://github.com/snyk/snyk/issues/108#issuecomment-412937627
https://github.com/snyk/snyk/issues/99#issuecomment-322202989

previous commit (faa286cb5f) did not fix
2018-10-30 20:29:09 +10:30
curben d44428f41a test: hold back snyk patch due to failure 2018-10-28 20:53:06 +10:30
curben faa286cb5f test: fix snyk unable to patch 2018-10-28 19:03:30 +10:30
curben 6b71cb0ad6 test: update snyk policy to address renovate package 2018-10-28 18:02:45 +10:30
curben bb89c070b1 Add ignore policy to snyk 2018-10-11 11:38:56 +10:30
curben be05e66517 Update snyk policy 2018-09-30 18:01:45 +09:30
curben e32264c365 Replace hexo-autonofollow with hexo-filter-nofollow
hexo-filter-nofollow has updated cheerio
https://snyk.io/test/npm/hexo-suka-autonofollow
2018-09-28 12:17:40 +09:30
curben 2e7d211a4f Remove hexo-all-minifier snyk patches
Not applicable anymore
cc1b2fc204
2018-09-27 21:51:53 +09:30
curben 1b594c706e Add snyk to CI
Use proper snyk flow https://snyk.io/docs/using-snyk/
2018-09-25 10:29:43 +09:30
curben f500d2443d fix: .snyk & package.json to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:tunnel-agent:20170305
2018-09-24 18:22:28 +09:30