curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity
824 Commits 4 Branches 0 Tags 38 MiB
Commit Graph

29 Commits

Author SHA1 Message Date
MDLeom f09ef1d5bd
chore(snyk): patch lodash 
https://snyk.io/vuln/SNYK-JS-LODASH-567746
 2020-05-04 11:29:53 +01:00
MDLeom eeb2570405
chore(snyk): ignore DOTPROP & YARGSPARSER 2020-03-28 06:08:12 +00:00
MDLeom 7814bc16fc
chore(snyk): ignore SNYK-JS-MINIMIST-559764 2020-03-14 05:13:13 +00:00
MDLeom de4e8927a8
chore(snyk): 'SNYK-JS-DOTPROP-543489' caused by npm 
- Remove outdated policies
 2020-02-20 18:50:21 +00:00
curben ac35598b04
ci(snyk): ignore https-proxy-agent 2019-10-17 04:52:09 +01:00
curben 214bf336aa
ci(snyk): remove https-proxy-agent 2019-10-17 04:45:58 +01:00
curben fddc040c42
ci(snyk): update policy 2019-10-17 04:41:00 +01:00
curben fbb01fe1fd
chore(synk): add SNYK-JS-HANDLEBARS-469063 
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
 2019-10-01 17:20:14 +01:00
curben fefcaf342d
test(snyk): add mem, introduced by npm 2019-08-11 12:00:41 +09:30
curben 2b4a4b8ca5
test(snyk): add mem, introduced by renovate 2019-08-11 11:06:16 +09:30
curben b1c71c1ff0
test: remove snyk policy 2019-08-08 19:09:05 +09:30
curben 875a9b501c
test(snyk): expires snapdragon temporarily 
snapdragon package shouldn't be installed after switch to micromatch
 2019-08-08 16:52:01 +09:30
curben 6260cce61c test(snyk): add lodash and marked 2019-07-08 18:37:09 +09:30
curben e4cf43dd85 test(snyk): mention affected deps 2019-06-22 14:22:45 +09:30
curben 94d57346a6 test(snyk): ignore set-value and mixin-deep 
* https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
* https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
* Remove braces and marked
 2019-06-21 13:39:29 +09:30
curben a86ded70ab chore: update snyk policy 
https://snyk.io/vuln/SNYK-JS-MARKED-174116
 2019-04-12 12:57:47 +09:30
curben c6b89c5fa7 chore: update snyk policy 2019-04-05 11:38:40 +10:30
curben 3eee65de99 chore: update snyk policy 2019-03-08 20:56:46 +10:30
curben 28ff8fcb22 chore: update expiry of snyk ignore policy 
Updated 'renovate' package has fixed vulnerabilities.
 2018-12-31 21:26:28 +10:30
curben efe8183b85 test: fix snyk unable to patch 
snyk requires GNU's patch that support --backup argument,
the argument is not supported by alpine built-in busybox's patch

https://github.com/snyk/snyk/issues/108#issuecomment-412937627
https://github.com/snyk/snyk/issues/99#issuecomment-322202989

previous commit (faa286cb5f) did not fix
 2018-10-30 20:29:09 +10:30
curben d44428f41a test: hold back snyk patch due to failure 2018-10-28 20:53:06 +10:30
curben faa286cb5f test: fix snyk unable to patch 2018-10-28 19:03:30 +10:30
curben 6b71cb0ad6 test: update snyk policy to address renovate package 2018-10-28 18:02:45 +10:30
curben bb89c070b1 Add ignore policy to snyk 2018-10-11 11:38:56 +10:30
curben be05e66517 Update snyk policy 2018-09-30 18:01:45 +09:30
curben e32264c365 Replace hexo-autonofollow with hexo-filter-nofollow 
hexo-filter-nofollow has updated cheerio
https://snyk.io/test/npm/hexo-suka-autonofollow
 2018-09-28 12:17:40 +09:30
curben 2e7d211a4f Remove hexo-all-minifier snyk patches 
Not applicable anymore
cc1b2fc204
 2018-09-27 21:51:53 +09:30
curben 1b594c706e Add snyk to CI 
Use proper snyk flow https://snyk.io/docs/using-snyk/
 2018-09-25 10:29:43 +09:30
curben f500d2443d fix: .snyk & package.json to reduce vulnerabilities 
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:tunnel-agent:20170305
 2018-09-24 18:22:28 +09:30