klemek/snex.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: klemek/snex.io:snyk-fix-0978e7cf96dc248d7c18c1e748698ac9
Branches Tags
klemek/snex.io:master klemek/snex.io:snyk-fix-c6047b1905a26b15e1075c5103023875 klemek/snex.io:snyk-fix-4a9a5bc3e2f61bc174ff7a5b8686ab5c klemek/snex.io:snyk-fix-1bfbd9151d288a7b0a4ac865991a8836 klemek/snex.io:snyk-fix-c8d801da02d7c0479dd98d1c62720b80 klemek/snex.io:snyk-fix-b315013e59ef8a92d7217d6aed5689fe klemek/snex.io:snyk-fix-b61bc560c726a588a509484a21f61a0f klemek/snex.io:snyk-fix-68db53715c2f8591e5e42d999a817c5a klemek/snex.io:snyk-fix-e31e80203d3c201d32c68df66040c448 klemek/snex.io:snyk-fix-d0fd2d7f375d14632316e8db173f992d klemek/snex.io:snyk-fix-97395e21bb542f6e31f254c551a611f1 klemek/snex.io:snyk-fix-dc22fe0f71c8654bfd5d92f09e500612 klemek/snex.io:dependabot/npm_and_yarn/express-4.17.3 klemek/snex.io:dependabot/npm_and_yarn/qs-6.11.0 klemek/snex.io:snyk-fix-f5c073611110a3f86218bf3c6ba929b9 klemek/snex.io:snyk-fix-955eb8346b1046020f198cb47c5833dd klemek/snex.io:dependabot/npm_and_yarn/socket.io-parser-4.0.5 klemek/snex.io:snyk-fix-0978e7cf96dc248d7c18c1e748698ac9 klemek/snex.io:snyk-upgrade-3fab2c6298b408e56d239eb15da49adf klemek/snex.io:dependabot/npm_and_yarn/ws-7.4.6 klemek/snex.io:snyk-fix-abca45d15db73e989173147af4d2f1b8 klemek/snex.io:snyk-fix-feda1895f8bf614fb4bf3edb6ca86534 klemek/snex.io:snyk-upgrade-ab468e9091690a243249aa5d25b8fbb2 klemek/snex.io:snyk-upgrade-963e357ab499e0fcea98beec809d5065
..
pull from: klemek/snex.io:snyk-fix-abca45d15db73e989173147af4d2f1b8
Branches Tags
klemek/snex.io:snyk-fix-c6047b1905a26b15e1075c5103023875 klemek/snex.io:snyk-fix-4a9a5bc3e2f61bc174ff7a5b8686ab5c klemek/snex.io:snyk-fix-1bfbd9151d288a7b0a4ac865991a8836 klemek/snex.io:snyk-fix-c8d801da02d7c0479dd98d1c62720b80 klemek/snex.io:snyk-fix-b315013e59ef8a92d7217d6aed5689fe klemek/snex.io:snyk-fix-b61bc560c726a588a509484a21f61a0f klemek/snex.io:snyk-fix-68db53715c2f8591e5e42d999a817c5a klemek/snex.io:snyk-fix-e31e80203d3c201d32c68df66040c448 klemek/snex.io:snyk-fix-d0fd2d7f375d14632316e8db173f992d klemek/snex.io:snyk-fix-97395e21bb542f6e31f254c551a611f1 klemek/snex.io:snyk-fix-dc22fe0f71c8654bfd5d92f09e500612 klemek/snex.io:dependabot/npm_and_yarn/express-4.17.3 klemek/snex.io:dependabot/npm_and_yarn/qs-6.11.0 klemek/snex.io:snyk-fix-f5c073611110a3f86218bf3c6ba929b9 klemek/snex.io:snyk-fix-955eb8346b1046020f198cb47c5833dd klemek/snex.io:dependabot/npm_and_yarn/socket.io-parser-4.0.5 klemek/snex.io:snyk-fix-0978e7cf96dc248d7c18c1e748698ac9 klemek/snex.io:snyk-upgrade-3fab2c6298b408e56d239eb15da49adf klemek/snex.io:master klemek/snex.io:dependabot/npm_and_yarn/ws-7.4.6 klemek/snex.io:snyk-fix-abca45d15db73e989173147af4d2f1b8 klemek/snex.io:snyk-fix-feda1895f8bf614fb4bf3edb6ca86534 klemek/snex.io:snyk-upgrade-ab468e9091690a243249aa5d25b8fbb2 klemek/snex.io:snyk-upgrade-963e357ab499e0fcea98beec809d5065

1 Commits
snyk-fix-0978e7cf96dc248d7c18c1e748698ac9 .. snyk-fix-abca45d15db73e989173147af4d2f1b8

Author SHA1 Message Date
snyk-bot 10e07b2f35 fix: package.json & package-lock.json to reduce vulnerabilities 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752
 2021-01-08 23:44:43 +00:00
4 changed files with 46 additions and 116 deletions
Expand all files Collapse all files
.github/workflows/docker.yml
-34
View File
@@ -1,34 +0,0 @@
name: Docker
on: ["push", "pull_request"]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build
uses: docker/build-push-action@v2
with:
context: ./
file: ./Dockerfile
builder: ${{ steps.buildx.outputs.name }}
push: false
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
Dockerfile
-18
View File
@@ -1,18 +0,0 @@
FROM node:14
# Create app directory
WORKDIR /usr/src/app
# Install app dependencies
# A wildcard is used to ensure both package.json AND package-lock.json are copied
# where available (npm@5+)
COPY package*.json ./
RUN npm install
# If you are building your code for production
# RUN npm ci --only=production
# Bundle app source
COPY . .
CMD [ "sh", "-c", "node server.js" ]
package-lock.json
Generated
+45 -63
View File
@@ -5,24 +5,9 @@
"requires": true,
"dependencies": {
"@types/component-emitter": {
"version": "1.2.11",
"resolved": "https://registry.npmjs.org/@types/component-emitter/-/component-emitter-1.2.11.tgz",
"integrity": "sha512-SRXjM+tfsSlA9VuG8hGO2nft2p8zjXCK1VcC6N4NXbBbYbSia9kzCChYQajIjzIqOOOuh5Ock6MmV2oux4jDZQ=="
},
"@types/cookie": {
"version": "0.4.1",
"resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.4.1.tgz",
"integrity": "sha512-XW/Aa8APYr6jSVVA1y/DEIZX0/GMKLEVekNG727R8cs56ahETkRAy/3DR7+fJyh7oUgGwNQaRfXCun0+KbWY7Q=="
},
"@types/cors": {
"version": "2.8.12",
"resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz",
"integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw=="
},
"@types/node": {
"version": "14.18.5",
"resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.5.tgz",
"integrity": "sha512-LMy+vDDcQR48EZdEx5wRX1q/sEl6NdGuHXPnfeL8ixkwCOSZ2qnIyIZmcCbdX0MeRqHhAcHmX+haCbrS8Run+A=="
"version": "1.2.10",
"resolved": "https://registry.npmjs.org/@types/component-emitter/-/component-emitter-1.2.10.tgz",
"integrity": "sha512-bsjleuRKWmGqajMerkzox19aGbscQX5rmmvvXl3wlIp5gMG1HgkiwPxsN5p070fBDKTNSPgojVbuY1+HWMbFhg=="
},
"accepts": {
"version": "1.3.7",
@@ -149,9 +134,9 @@
"integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
},
"engine.io": {
"version": "4.1.2",
"resolved": "https://registry.npmjs.org/engine.io/-/engine.io-4.1.2.tgz",
"integrity": "sha512-t5z6zjXuVLhXDMiFJPYsPOWEER8B0tIsD3ETgw19S1yg9zryvUfY3Vhtk3Gf4sihw/bQGIqQ//gjvVlu+Ca0bQ==",
"version": "4.0.6",
"resolved": "https://registry.npmjs.org/engine.io/-/engine.io-4.0.6.tgz",
"integrity": "sha512-rf7HAVZpcRrcKEKddgIzYUnwg0g5HE1RvJaTLwkcfJmce4g+po8aMuE6vxzp6JwlK8FEq/vi0KWN6tA585DjaA==",
"requires": {
"accepts": "~1.3.4",
"base64id": "2.0.0",
@@ -163,9 +148,9 @@
},
"dependencies": {
"debug": {
"version": "4.3.3",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
"integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
"version": "4.3.1",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
"integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
"requires": {
"ms": "2.1.2"
}
@@ -178,9 +163,9 @@
}
},
"engine.io-parser": {
"version": "4.0.3",
"resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-4.0.3.tgz",
"integrity": "sha512-xEAAY0msNnESNPc00e19y5heTPX4y/TJ36gr8t1voOaNmTojP9b3oK3BbJLFufW2XFPQaaijpFewm2g2Um3uqA==",
"version": "4.0.2",
"resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-4.0.2.tgz",
"integrity": "sha512-sHfEQv6nmtJrq6TKuIz5kyEKH/qSdK56H/A+7DnAuUPWosnIZAS2NHNcPLmyjtY3cGS/MqJdZbUjW97JU72iYg==",
"requires": {
"base64-arraybuffer": "0.1.4"
}
@@ -341,16 +326,16 @@
"integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
},
"mime-db": {
"version": "1.51.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.51.0.tgz",
"integrity": "sha512-5y8A56jg7XVQx2mbv1lu49NR4dokRnhZYTtL+KGfaa27uq4pSTXkwQkFJl4pkRMyNFz/EtYDSkiiEHx3F7UN6g=="
"version": "1.45.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.45.0.tgz",
"integrity": "sha512-CkqLUxUk15hofLoLyljJSrukZi8mAtgd+yE5uO4tqRZsdsAJKv0O+rFMhVDRJgozy+yG6md5KwuXhD4ocIoP+w=="
},
"mime-types": {
"version": "2.1.34",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.34.tgz",
"integrity": "sha512-6cP692WwGIs9XXdOO4++N+7qjqv0rqxxVvJ3VHPh/Sc9mVZcQP+ZGhkKiTvWMQRr2tbHkJP/Yn7Y0npb3ZBs4A==",
"version": "2.1.28",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.28.tgz",
"integrity": "sha512-0TO2yJ5YHYr7M2zzT7gDU1tbwHxEUWBCLt0lscSNpcdAfFyJOVEpRYNS7EXVcTLNj/25QO8gulHC5JtTzSE2UQ==",
"requires": {
"mime-db": "1.51.0"
"mime-db": "1.45.0"
}
},
"ms": {
@@ -470,45 +455,42 @@
"integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw=="
},
"socket.io": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/socket.io/-/socket.io-3.1.0.tgz",
"integrity": "sha512-Aqg2dlRh6xSJvRYK31ksG65q4kmBOqU4g+1ukhPcoT6wNGYoIwSYPlCPuRwOO9pgLUajojGFztl6+V2opmKcww==",
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/socket.io/-/socket.io-3.0.0.tgz",
"integrity": "sha512-arLQtd+UoJ08NXBRBGUJDyQ9B+cc9WwD67hc5s1WQcs2DyAkYzI5HWg4U0CrFtK00kjyAWxBGhLwVbfOeMqz1A==",
"requires": {
"@types/cookie": "^0.4.0",
"@types/cors": "^2.8.8",
"@types/node": "^14.14.10",
"accepts": "~1.3.4",
"base64id": "~2.0.0",
"debug": "~4.3.1",
"engine.io": "~4.1.0",
"socket.io-adapter": "~2.1.0",
"socket.io-parser": "~4.0.3"
"debug": "~4.1.0",
"engine.io": "~4.0.0",
"socket.io-adapter": "~2.0.3",
"socket.io-parser": "~4.0.1"
},
"dependencies": {
"debug": {
"version": "4.3.3",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
"integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
"integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
"requires": {
"ms": "2.1.2"
"ms": "^2.1.1"
}
},
"ms": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
"integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
"version": "2.1.3",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
}
}
},
"socket.io-adapter": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.1.0.tgz",
"integrity": "sha512-+vDov/aTsLjViYTwS9fPy5pEtTkrbEKsw2M+oVSoFGw6OD1IpvlV1VPhUzNbofCQ8oyMbdYJqDtGdmHQK6TdPg=="
"version": "2.0.3",
"resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.0.3.tgz",
"integrity": "sha512-2wo4EXgxOGSFueqvHAdnmi5JLZzWqMArjuP4nqC26AtLh5PoCPsaRbRdah2xhcwTAMooZfjYiNVNkkmmSMaxOQ=="
},
"socket.io-parser": {
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.4.tgz",
"integrity": "sha512-t+b0SS+IxG7Rxzda2EVvyBZbvFPBCjJoyHuE0P//7OAsN23GItzDRdWa6ALxZI/8R5ygK7jAR6t028/z+7295g==",
"version": "4.0.3",
"resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.0.3.tgz",
"integrity": "sha512-m4ybFiP4UYVORRt7jcdqf8UWx+ywVdAqqsJyruXxAdD3Sv6MDemijWij34mOWdMJ55bEdIb9jACBhxUgNK6sxw==",
"requires": {
"@types/component-emitter": "^1.2.10",
"component-emitter": "~1.3.0",
@@ -516,9 +498,9 @@
},
"dependencies": {
"debug": {
"version": "4.3.3",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.3.tgz",
"integrity": "sha512-/zxw5+vh1Tfv+4Qn7a5nsbcJKPaSvCDhojn6FEl9vupwK2VCSDtEiEtqr8DFtzYFOdz63LBkxec7DYuc2jon6Q==",
"version": "4.3.1",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
"integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
"requires": {
"ms": "2.1.2"
}
@@ -580,9 +562,9 @@
"integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
},
"ws": {
"version": "7.4.6",
"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz",
"integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A=="
"version": "7.4.2",
"resolved": "https://registry.npmjs.org/ws/-/ws-7.4.2.tgz",
"integrity": "sha512-T4tewALS3+qsrpGI/8dqNMLIVdq/g/85U98HPMa6F0m6xTbvhXU6RCQLqPH3+SlomNV/LdY6RXEbBpMH6EOJnA=="
}
}
}
package.json
+1 -1
View File
@@ -5,6 +5,6 @@
"dependencies": {
"color-convert": "^1.9.3",
"express": "^4.17.1",
"socket.io": "^3.1.0"
"socket.io": "^3.0.0"
}
}