From 4c85722b081f8d80b656eefa97566ccfda3ce19d Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 15 Jul 2021 20:26:31 +0000
Subject: [PATCH 1/2] fix: hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/package.json & hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GETOBJECT-1054932
- https://snyk.io/vuln/SNYK-JS-GRUNT-597546
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-PUG-1071616
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/npm:clean-css:20180306
- https://snyk.io/vuln/npm:concat-stream:20160901
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:request:20160119
- https://snyk.io/vuln/npm:tough-cookie:20170905
- https://snyk.io/vuln/npm:tunnel-agent:20170305
---
 .../code/static/bootstrap-3.3.7/.snyk | 41 +++++++++++++++++++
 .../code/static/bootstrap-3.3.7/package.json | 26 +++++++-----
 2 files changed, 57 insertions(+), 10 deletions(-)
 create mode 100644 hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/.snyk
diff --git a/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/.snyk b/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/.snyk
new file mode 100644
index 0000000..c2f2a1b
--- /dev/null
+++ b/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/.snyk
@@ -0,0 +1,41 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - grunt-contrib-watch > tiny-lr > body-parser > debug:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:hoek:20180212':
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > hoek:
+ patched: '2021-07-15T20:26:29.297Z'
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > boom > hoek:
+ patched: '2021-07-15T20:26:29.297Z'
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > sntp > hoek:
+ patched: '2021-07-15T20:26:29.297Z'
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > cryptiles > boom > hoek:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:lodash:20180130':
+ - grunt-jscs > jscs > lodash:
+ patched: '2021-07-15T20:26:29.297Z'
+ - grunt-jscs > jscs > xmlbuilder > lodash:
+ patched: '2021-07-15T20:26:29.297Z'
+ - grunt-jscs > jscs > jscs-jsdoc > jsdoctypeparser > lodash:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:minimatch:20160620':
+ - grunt-csscomb > csscomb > csscomb-core > minimatch:
+ patched: '2021-07-15T20:26:29.297Z'
+ - grunt-csscomb > csscomb > csscomb-core > vow-fs > glob > minimatch:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:ms:20170412':
+ - grunt-contrib-watch > tiny-lr > body-parser > debug > ms:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:request:20160119':
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:tough-cookie:20170905':
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > tough-cookie:
+ patched: '2021-07-15T20:26:29.297Z'
+ 'npm:tunnel-agent:20170305':
+ - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > tunnel-agent:
+ patched: '2021-07-15T20:26:29.297Z'
diff --git a/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/package.json b/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/package.json
index fe4b31d..9a4ef51 100644
--- a/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/package.json
+++ b/hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/package.json
@@ -16,7 +16,9 @@
 "scripts": {
 "change-version": "node grunt/change-version.js",
 "update-shrinkwrap": "npm shrinkwrap --dev && shx mv ./npm-shrinkwrap.json ./grunt/npm-shrinkwrap.json",
- "test": "grunt test"
+ "test": "grunt test",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "style": "dist/css/bootstrap.css",
 "less": "less/bootstrap.less",
@@ -32,22 +34,22 @@
 "devDependencies": {
 "btoa": "~1.1.2",
 "glob": "~7.0.3",
- "grunt": "~1.0.1",
+ "grunt": "~1.3.0",
 "grunt-autoprefixer": "~3.0.4",
 "grunt-contrib-clean": "~1.0.0",
 "grunt-contrib-compress": "~1.3.0",
 "grunt-contrib-concat": "~1.0.0",
 "grunt-contrib-connect": "~1.0.0",
 "grunt-contrib-copy": "~1.0.0",
- "grunt-contrib-csslint": "~1.0.0",
- "grunt-contrib-cssmin": "~1.0.0",
- "grunt-contrib-htmlmin": "~1.5.0",
+ "grunt-contrib-csslint": "~2.0.0",
+ "grunt-contrib-cssmin": "~2.2.0",
+ "grunt-contrib-htmlmin": "~2.4.0",
 "grunt-contrib-jshint": "~1.0.0",
 "grunt-contrib-less": "~1.3.0",
- "grunt-contrib-pug": "~1.0.0",
- "grunt-contrib-qunit": "~0.7.0",
- "grunt-contrib-uglify": "~1.0.0",
- "grunt-contrib-watch": "~1.0.0",
+ "grunt-contrib-pug": "~3.0.0",
+ "grunt-contrib-qunit": "~1.0.0",
+ "grunt-contrib-uglify": "~3.4.0",
+ "grunt-contrib-watch": "~1.1.0",
 "grunt-csscomb": "~3.1.0",
 "grunt-exec": "~1.0.0",
 "grunt-html": "~8.0.1",
@@ -55,7 +57,7 @@
 "grunt-jscs": "~3.0.1",
 "grunt-saucelabs": "~9.0.0",
 "load-grunt-tasks": "~3.5.0",
- "markdown-it": "^7.0.0",
+ "markdown-it": "^10.0.0",
 "shelljs": "^0.7.0",
 "shx": "^0.1.2",
 "time-grunt": "^1.3.0"
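Review bot: The `"prepublish": "npm run snyk-protect"` hook added in the first hunk runs the Snyk CLI on every `npm install` of this directory, not only on publish, and the last hunk (`@@ -85,5 +87,9 @@`) makes that work by adding `"snyk": "^1.662.0"` under `dependencies` rather than `devDependencies`, so any production install of this vendored Bootstrap copy pulls in the full Snyk CLI and its transitive tree and executes it as part of the install. This package.json sits under a lesson's `static/bootstrap-3.3.7/` directory, so it is unclear whether its grunt toolchain is ever run at all; if it is not, the smaller change is to keep only the devDependency bumps and drop the `snyk-protect`/`prepublish` scripts, the `"snyk": true` flag and the new `dependencies` block. If the `.snyk` patches are wanted, move `snyk` to `devDependencies` and invoke `snyk protect` from an explicit script or CI step so the install itself stays side-effect free; as far as I recall the `snyk protect` command has since been superseded by the separate `@snyk/protect` package, so a `prepublish` hook tied to the CLI will silently stop applying patches once that command is gone.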
@@ -85,5 +87,9 @@
 "fonts",
 "js"
 ]
+ },
+ "snyk": true,
+ "dependencies": {
+ "snyk": "^1.662.0"
 }
 }

From 3b1bfc3a6434a4233cf74cf31fc11582b1aaec9a Mon Sep 17 00:00:00 2001
From: ekmixon <6691194+ekmixon@users.noreply.github.com>
Date: Thu, 15 Jul 2021 17:49:29 -0400
Subject: [PATCH 2/2] Create snyk-infrastructure-analysis.yml

---
 .../snyk-infrastructure-analysis.yml | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 .github/workflows/snyk-infrastructure-analysis.yml

diff --git a/.github/workflows/snyk-infrastructure-analysis.yml b/.github/workflows/snyk-infrastructure-analysis.yml
new file mode 100644
index 0000000..d481d5e
--- /dev/null
+++ b/.github/workflows/snyk-infrastructure-analysis.yml
@@ -0,0 +1,42 @@
+# A sample workflow which checks out your Infrastructure as Code Configuration files,
+# such as Kubernetes, Helm & Terraform and scans them for any security issues.
+# The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Infrastructure as Code
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ master ]
+ schedule:
+ - cron: '42 4 * * 6'
+
+jobs:
+ snyk:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Run Snyk to check configuration files for security issues
+ # Snyk can be used to break the build when it detects security issues.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/iac@master
+ env:
+ # In order to use the Snyk Action you will need to have a Snyk API token.
+ # More details in https://github.com/snyk/actions#getting-your-snyk-token
+ # or you can signup for free at https://snyk.io/login
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ # Add the path to the configuration file that you would like to test.
+ # For example `deployment.yaml` for a Kubernetes deployment manifest
+ # or `main.tf` for a Terraform configuration file
+ file: your-file-to-test.yaml
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: snyk.sarif
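Review bot: `file: your-file-to-test.yaml` is the placeholder left in from the Snyk sample, so the scan step points at a file that does not exist in this repository, `continue-on-error: true` hides that failure, and the following `upload-sarif` step then has nothing meaningful to report; `file:` needs to name the repository's actual IaC configuration before this workflow provides any signal. `uses: snyk/actions/iac@master` executes whatever is currently on that branch with `secrets.SNYK_TOKEN` in its environment, so it should be pinned to a release tag or, better, a full commit SHA, and the same pinning applies to `actions/checkout@v2` and `github/codeql-action/upload-sarif@v1`. The job declares no `permissions:` block and therefore runs with the repository's default token scope; a top-level block granting `contents: read` and `security-events: write` (the latter is what `upload-sarif` needs) keeps it to least privilege. Note also that `secrets.SNYK_TOKEN` is not exposed to `pull_request` runs from forks, so the scan step will fail on those runs too; that is expected, but a comment on the `pull_request` trigger saying so would save the next maintainer a debugging round.
```yaml
# … unchanged: header comments and name …
permissions:
  contents: read          # actions/checkout
  security-events: write  # github/codeql-action/upload-sarif
# … unchanged: on: triggers, jobs/snyk/runs-on …
      - uses: actions/checkout@<full-commit-sha>  # placeholder: pin; was @v2
# … unchanged: step name, continue-on-error …
        uses: snyk/actions/iac@<full-commit-sha>  # placeholder: pin; was @master
# … unchanged: env: SNYK_TOKEN …
        with:
          file: <path-to-real-iac-config>  # placeholder: replace the sample's your-file-to-test.yaml
# … unchanged: upload step name …
        uses: github/codeql-action/upload-sarif@<full-commit-sha>  # placeholder: pin; was @v1
# … unchanged: with: sarif_file …
```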