From 2f57f3f69ecb8824fb309bfe4254e6d9f2dca359 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 21 Nov 2018 01:59:10 +0000 Subject: [PATCH] fix: firebase_functions/functions/.snyk & firebase_functions/functions/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:ms:20170412 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- firebase_functions/functions/.snyk | 14 ++++++++++++++ firebase_functions/functions/package.json | 12 +++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 firebase_functions/functions/.snyk diff --git a/firebase_functions/functions/.snyk b/firebase_functions/functions/.snyk new file mode 100644 index 0000000..40db73a --- /dev/null +++ b/firebase_functions/functions/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hoek:20180212': + - firebase-admin > jsonwebtoken > joi > hoek: + patched: '2018-11-21T01:59:08.201Z' + - firebase-functions > jsonwebtoken > joi > hoek: + patched: '2018-11-21T01:59:08.201Z' + - firebase-admin > jsonwebtoken > joi > topo > hoek: + patched: '2018-11-21T01:59:08.201Z' + - firebase-functions > jsonwebtoken > joi > topo > hoek: + patched: '2018-11-21T01:59:08.201Z' diff --git a/firebase_functions/functions/package.json b/firebase_functions/functions/package.json index 59fae12..c2a45a4 100644 --- a/firebase_functions/functions/package.json +++ b/firebase_functions/functions/package.json @@ -1,7 +1,13 @@ { "dependencies": { "asyncawait": "^1.0.6", - "firebase-admin": "^4.2.1", - "firebase-functions": "^0.5.8" - } + "firebase-admin": "^5.4.3", + "firebase-functions": "^0.5.8", + "snyk": "^1.110.0" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" + }, + "snyk": true }