From 10de360f429208c5f2b15f8d7565ce24b9e86b70 Mon Sep 17 00:00:00 2001
From: Harshit Luthra
Date: Sat, 13 Oct 2018 23:11:16 +0530
Subject: [PATCH 1/3] Add Snyk to Travis
---
 .snyk | 9 +++++++++
 .travis.yml | 9 +++++++++
 package.json | 7 ++++---
 3 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..51ac7ea1
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,9 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+ 'npm:qs:20170213':
+ - http-server > union > qs:
+ reason: 'No Patch or Upgrade available '
+ expires: '2018-11-12T10:52:02.751Z'
+patch: {}
diff --git a/.travis.yml b/.travis.yml
index 503ecf16..1d2137a4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,13 @@
 language: node_js
+#env:
+# - SNYK_TOKEN
+install:
+ - npm install
+after_success:
+ - snyk monitor
+cache:
+ directories:
+ - "$HOME/.npm"
 notifications:
 email: false
 webhooks:
diff --git a/package.json b/package.json
index 1bd2eb7d..dddf6633 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,7 @@
 "stylelint:css": "stylelint css/*.css",
 "lint": "npm run lint:js && npm run lint:html && npm run lint:css && npm run lint:tests",
 "pretest": "npm run stylelint:css && npm run lint",
- "test": "mocha",
+ "test": "snyk test && mocha",
 "exp-fix:js": "eslint js/everything.js --fix",
 "start": "http-server --cors -o -a localhost"
 },
@@ -37,7 +37,8 @@
 "htmlhint": "^0.10.1",
 "mocha": "^5.2.0",
 "stylelint": "^9.5.0",
- "zombie": "^6.1.3"
+ "zombie": "^6.1.3",
+ "snyk": "^1.103.4"
 },
 "engines": {
 "node": ">=8.x"
@@ -45,4 +46,4 @@
 "dependencies": {
 "http-server": "^0.10.0"
 }
-}
+}
\ No newline at end of file
From 158ad662e602c0b1b641831269c748913f8959a2 Mon Sep 17 00:00:00 2001
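Review bot: The `reason` recorded for ignoring `npm:qs:20170213` in the new `.snyk` says only that no patch or upgrade exists, which does not tell a later reader why the exposure is acceptable. `http-server` is a runtime entry under `dependencies`, yet the only use visible in this patch is the `start` script bound to `localhost`; if that is the justification, state it, e.g. `reason: 'No patch or upgrade available; http-server only serves the local dev site (npm start, -a localhost)'`. The ignore expires on 2018-11-12, after which `snyk test`, now part of `npm test`, will presumably start failing builds, so the commit message should say who re-evaluates it.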
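Review bot: In the `.travis.yml` hunk, the explicit `install: - npm install` step lets the build resolve versions that are not recorded in package-lock.json. This patch sets `snyk` to `^1.103.4` in package.json without touching the lockfile, which (judging by the lines the third patch later removes) pinned 1.103.0, so CI would silently install an unlocked release of a tool that is later given a token. Prefer `- npm ci`, which fails when the manifest and lockfile disagree, provided the npm shipped with the Node 8 image supports it. The same step is kept in the third patch's `.travis.yml` hunk.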
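Review bot: Putting `snyk test` in front of `mocha` in the `test` script (package.json, first hunk) makes every test run depend on Snyk authentication and network access. Travis does not expose encrypted variables to pull requests from forks, so those builds, and any contributor running `npm test` locally without a token, would likely fail before a single test runs. Keep `"test": "mocha"`, add `"snyk-test": "snyk test"`, and call it from CI only when `$TRAVIS_SECURE_ENV_VARS` is `true`.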
From: Harshit Luthra
Date: Sat, 13 Oct 2018 23:30:26 +0530
Subject: [PATCH 2/3] Add snyk badge
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index bdb96778..2b1171a0 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@
 [![Build Status](https://travis-ci.org/zen-audio-player/zen-audio-player.github.io.svg?branch=master)](https://travis-ci.org/zen-audio-player/zen-audio-player.github.io)
 [![Code Climate](https://codeclimate.com/github/zen-audio-player/zen-audio-player.github.io/badges/gpa.svg)](https://codeclimate.com/github/zen-audio-player/zen-audio-player.github.io)
 [![Issue Count](https://codeclimate.com/github/zen-audio-player/zen-audio-player.github.io/badges/issue_count.svg)](https://codeclimate.com/github/zen-audio-player/zen-audio-player.github.io)
+[![Known Vulnerabilities](https://snyk.io/test/github/zen-audio-player/zen-audio-player.github.io/badges/badge.svg)](https://snyk.io/test/github/zen-audio-player/zen-audio-player.github.io/badges)
 Listen to YouTube videos, without the distracting visuals.
From 9e5bcd60a689e1bed56ddbc0696fbd30adc38a7c Mon Sep 17 00:00:00 2001
From: Shakeel Mohamed
Date: Mon, 22 Oct 2018 00:07:23 -0700
Subject: [PATCH 3/3] Add snyk token
---
 .travis.yml | 11 ++++++-----
 package-lock.json | 50 +++++++++++------------------------
 package.json | 9 +++++----
 3 files changed, 36 insertions(+), 34 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 1d2137a4..3ff8aba9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,8 @@
 language: node_js
-#env:
-# - SNYK_TOKEN
 install:
- - npm install
+- npm install
 after_success:
- - snyk monitor
+- npm run snyk-monitor
 cache:
 directories:
 - "$HOME/.npm"
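Review bot: `after_success: - npm run snyk-monitor` in the third patch's first `.travis.yml` hunk runs unconditionally, so it fires for pull-request builds and once per entry in the `node_js` matrix (8 and 10). `snyk monitor` uploads a dependency snapshot for ongoing tracking; snapshots of unmerged branches add noise, and on fork pull requests the encrypted token is absent, so the step cannot authenticate. Restrict it to pushes on the main branch, e.g. `- if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ "$TRAVIS_BRANCH" = "master" ]; then npm run snyk-monitor; fi`.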
@@ -12,9 +10,12 @@ notifications:
 email: false
 webhooks:
 urls:
- - https://webhooks.gitter.im/e/789c495ac457dab0ae54
+ - https://webhooks.gitter.im/e/789c495ac457dab0ae54
 on_success: always
 on_failure: always
 node_js:
 - 8
 - 10
+env:
+ global:
+ secure: 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
diff --git a/package-lock.json b/package-lock.json
index ac4a1e05..ebf77392 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -405,9 +405,9 @@ "dev": true }, "ast-types": { - "version": "0.11.5", - "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.11.5.tgz", - "integrity": "sha512-oJjo+5e7/vEc2FBK8gUalV0pba4L3VdBIs2EKhOLHLcOd2FgQIVQN9xb0eZ9IjEWyAL7vq6fGJxOvVvdCHNyMw==", + "version": "0.11.6", + "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.11.6.tgz", + "integrity": "sha512-nHiuV14upVGl7MWwFUYbzJ6YlfwWS084CU9EA8HajfYQjMSli5TQi3UTRygGF58LFWVkXxS1rbgRhROEqlQkXg==", "dev": true }, "async": {
@@ -1478,7 +1478,7 @@ }, "es6-promisify": { "version": "5.0.0", - "resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", + "resolved": "http://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", "integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=", "dev": true, "requires": {
@@ -5409,9 +5409,9 @@ } }, "snyk": { - "version": "1.103.0", - "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.103.0.tgz", - "integrity": "sha512-KUt05fGpj1g59raSxfJgGTOFZXFTgtRhVxdzCPOFUgeYzMdnEDp/HY+IwgnrT9whgWz/gqbvzupwDUzykRLEZA==", + "version": "1.104.1", + "resolved": "https://registry.npmjs.org/snyk/-/snyk-1.104.1.tgz", + "integrity": "sha512-K72W1O57nnSE+XokbuxC7Q0T9tAaMF6V/CoHv6ifAQlOvOkj/0rFbA8zMNMgzRs4LfQj183Zt5D0B0cyFDrKJQ==", "dev": true, "requires": { "abbrev": "^1.1.1",
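Review bot: The `secure:` value added under `env.global` in the second `.travis.yml` hunk is opaque, and the commented `# - SNYK_TOKEN` hint was removed in the same commit, so nothing in the file now says which variable the blob decrypts to. Add a comment above it such as `# SNYK_TOKEN, encrypted for this repo with travis encrypt; revoke in Snyk and re-encrypt if exposed`; the variable name is inferred from the commit title and the removed comment. Where the Snyk plan allows it, the token should belong to a dedicated CI account rather than a maintainer's personal one, so that revoking it does not depend on one person.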
@@ -5431,17 +5431,17 @@ "semver": "^5.5.0", "snyk-config": "2.2.0", "snyk-docker-plugin": "1.12.0", - "snyk-go-plugin": "1.5.2", + "snyk-go-plugin": "1.6.0", "snyk-gradle-plugin": "2.1.0", "snyk-module": "1.8.2", "snyk-mvn-plugin": "2.0.0", - "snyk-nodejs-lockfile-parser": "1.5.1", + "snyk-nodejs-lockfile-parser": "1.5.3", "snyk-nuget-plugin": "1.6.5", "snyk-php-plugin": "1.5.1", "snyk-policy": "1.12.0", - "snyk-python-plugin": "1.8.2", + "snyk-python-plugin": "1.9.0", "snyk-resolve": "1.0.1", - "snyk-resolve-deps": "4.0.1", + "snyk-resolve-deps": "4.0.2", "snyk-sbt-plugin": "2.0.0", "snyk-tree": "^1.0.0", "snyk-try-require": "1.3.1", @@ -5547,9 +5547,9 @@ } }, "snyk-go-plugin": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/snyk-go-plugin/-/snyk-go-plugin-1.5.2.tgz", - "integrity": "sha512-XWajcSh6Ld+I+WdcyU3DGDuE2ydThQd8ORkESy0nQ2LwekygLYVYN66OBy0uxpqYfd4qoqeg+J8lb4oGzCmyGA==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/snyk-go-plugin/-/snyk-go-plugin-1.6.0.tgz", + "integrity": "sha512-E6aYw7XAXSs2wJR3fU+vGQ1lVyjAw8PHIQYQwBwMkTHByhJIWPcu6Hy/jT5LcjJHlhYXlpOuk53HeLVK+kcXrQ==", "dev": true, "requires": { "graphlib": "^2.1.1", @@ -5600,15 +5600,15 @@ "dev": true }, "snyk-nodejs-lockfile-parser": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.5.1.tgz", - "integrity": "sha512-rfFcW+ZrOEH3NxufUCpMBpNLSb4BPOxLbAM6MoRqfYH5DhSdTHsecwRDf1gU6XzQok/9Koav+1qtP8+welJC2A==", + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.5.3.tgz", + "integrity": "sha512-hVUUxRm7f8mN3RdTbeZGJn+w4VMKb7ke4/OB8Qhr4O5S04AMb4YOcsZ80niur05VUykPT32IyFwyGRTBi99WUw==", "dev": true, "requires": { "@yarnpkg/lockfile": "^1.0.2", "lodash": "4.17.10", - "path": "0.12.7", - "source-map-support": "^0.5.7" + "source-map-support": "^0.5.7", + "tslib": "^1.9.3" } }, "snyk-nuget-plugin": { 
@@ -5703,9 +5703,9 @@ } }, "snyk-python-plugin": { - "version": "1.8.2", - "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.8.2.tgz", - "integrity": "sha512-LBvjztnXarSHKyhivzM567icOOLOB98I7S9EEnjepuG+EZ0jiZzqOEMVRmzuYi+hRq3Cwh0hhjkwgJAQpKDz+g==", + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/snyk-python-plugin/-/snyk-python-plugin-1.9.0.tgz", + "integrity": "sha512-zlyOHoCpmyVym9AwkboeepzEGrY3gHsM7eWP/nJ85TgCnQO5H5orKm3RL57PNbWRY+BnDmoQQ+udQgjym2+3sg==", "dev": true, "requires": { "tmp": "0.0.33"
@@ -5739,9 +5739,9 @@ } }, "snyk-resolve-deps": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/snyk-resolve-deps/-/snyk-resolve-deps-4.0.1.tgz", - "integrity": "sha512-gieaYoOuJLXzUmDDKfQJAqfwaxa43KmSqN2d9abRfgMXnLlX9IqyoZ1wqZMbd3WN7tsHSkpWvVwc4FHdQEkUKA==", + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/snyk-resolve-deps/-/snyk-resolve-deps-4.0.2.tgz", + "integrity": "sha512-nlw62wiWhGOTw3BD3jVIwrUkRR4iNxEkkO4Y/PWs8BsUWseGu1H6QgLesFXJb3qx7ANJ5UbUCJMgV+eL0Lf9cA==", "dev": true, "requires": { "ansicolors": "^0.3.2",
diff --git a/package.json b/package.json
index dddf6633..409071c0 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,8 @@
 "pretest": "npm run stylelint:css && npm run lint",
 "test": "snyk test && mocha",
 "exp-fix:js": "eslint js/everything.js --fix",
- "start": "http-server --cors -o -a localhost"
+ "start": "http-server --cors -o -a localhost",
+ "snyk-monitor": "snyk monitor"
 },
 "repository": {
 "type": "git",
@@ -36,9 +37,9 @@
 "eslint": "^5.4.0",
 "htmlhint": "^0.10.1",
 "mocha": "^5.2.0",
+ "snyk": "^1.104.1",
 "stylelint": "^9.5.0",
- "zombie": "^6.1.3",
- "snyk": "^1.103.4"
+ "zombie": "^6.1.3"
 },
 "engines": {
 "node": ">=8.x"
@@ -46,4 +47,4 @@
 "dependencies": {
 "http-server": "^0.10.0"
 }
-}
\ No newline at end of file
+}
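Review bot: The `snyk` bump to `^1.104.1` in package.json (second hunk) came with a regenerated package-lock.json, and that regeneration changed the `resolved` URL of `es6-promisify` from `https://` to `http://` (lockfile hunk `@@ -1478,7 +1478,7 @@`). That entry carries only a `sha1-` integrity value, so the tarball would be requested over plaintext with a weak digest as the only check. Restore `"resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz"` before merging; this looks like a side effect of the npm version used to regenerate the lockfile rather than an intended change.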