Snyk Security Fixes

.github/workflows/snyk-infrastructure-analysis.yml

@@ -0,0 +1,42 @@
+# A sample workflow which checks out your Infrastructure as Code Configuration files,
+# such as Kubernetes, Helm & Terraform and scans them for any security issues.
+# The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Infrastructure as Code
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '42 4 * * 6'
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Snyk to check configuration files for security issues
+        # Snyk can be used to break the build when it detects security issues.
+        # In this case we want to upload the issues to GitHub Code Scanning
+        continue-on-error: true
+        uses: snyk/actions/iac@master
+        env:
+          # In order to use the Snyk Action you will need to have a Snyk API token.
+          # More details in https://github.com/snyk/actions#getting-your-snyk-token
+          # or you can signup for free at https://snyk.io/login
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          # Add the path to the configuration file that you would like to test.
+          # For example `deployment.yaml` for a Kubernetes deployment manifest
+          # or `main.tf` for a Terraform configuration file
+          file: your-file-to-test.yaml
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: snyk.sarif

hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/.snyk

@@ -0,0 +1,41 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - grunt-contrib-watch > tiny-lr > body-parser > debug:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:hoek:20180212':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > hoek:
+        patched: '2021-07-15T20:26:29.297Z'
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > boom > hoek:
+        patched: '2021-07-15T20:26:29.297Z'
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > sntp > hoek:
+        patched: '2021-07-15T20:26:29.297Z'
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > hawk > cryptiles > boom > hoek:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:lodash:20180130':
+    - grunt-jscs > jscs > lodash:
+        patched: '2021-07-15T20:26:29.297Z'
+    - grunt-jscs > jscs > xmlbuilder > lodash:
+        patched: '2021-07-15T20:26:29.297Z'
+    - grunt-jscs > jscs > jscs-jsdoc > jsdoctypeparser > lodash:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:minimatch:20160620':
+    - grunt-csscomb > csscomb > csscomb-core > minimatch:
+        patched: '2021-07-15T20:26:29.297Z'
+    - grunt-csscomb > csscomb > csscomb-core > vow-fs > glob > minimatch:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:ms:20170412':
+    - grunt-contrib-watch > tiny-lr > body-parser > debug > ms:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:request:20160119':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:tough-cookie:20170905':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > tough-cookie:
+        patched: '2021-07-15T20:26:29.297Z'
+  'npm:tunnel-agent:20170305':
+    - grunt-contrib-qunit > grunt-lib-phantomjs > phantomjs > request > tunnel-agent:
+        patched: '2021-07-15T20:26:29.297Z'

hunter2-lessons/mass-assignment/code/static/bootstrap-3.3.7/package.json

@@ -16,7 +16,9 @@
   "scripts": {
     "change-version": "node grunt/change-version.js",
     "update-shrinkwrap": "npm shrinkwrap --dev && shx mv ./npm-shrinkwrap.json ./grunt/npm-shrinkwrap.json",
-    "test": "grunt test"
+    "test": "grunt test",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "style": "dist/css/bootstrap.css",
   "less": "less/bootstrap.less",
@@ -32,30 +34,30 @@
   "devDependencies": {
     "btoa": "~1.1.2",
     "glob": "~7.0.3",
-    "grunt": "~1.0.1",
+    "grunt": "~1.3.0",
     "grunt-autoprefixer": "~3.0.4",
     "grunt-contrib-clean": "~1.0.0",
     "grunt-contrib-compress": "~1.3.0",
     "grunt-contrib-concat": "~1.0.0",
     "grunt-contrib-connect": "~1.0.0",
     "grunt-contrib-copy": "~1.0.0",
-    "grunt-contrib-csslint": "~1.0.0",
-    "grunt-contrib-cssmin": "~1.0.0",
-    "grunt-contrib-htmlmin": "~1.5.0",
+    "grunt-contrib-csslint": "~2.0.0",
+    "grunt-contrib-cssmin": "~2.2.0",
+    "grunt-contrib-htmlmin": "~2.4.0",
     "grunt-contrib-jshint": "~1.0.0",
     "grunt-contrib-less": "~1.3.0",
-    "grunt-contrib-pug": "~1.0.0",
-    "grunt-contrib-qunit": "~0.7.0",
-    "grunt-contrib-uglify": "~1.0.0",
-    "grunt-contrib-watch": "~1.0.0",
+    "grunt-contrib-pug": "~3.0.0",
+    "grunt-contrib-qunit": "~1.0.0",
+    "grunt-contrib-uglify": "~3.4.0",
+    "grunt-contrib-watch": "~1.1.0",
     "grunt-csscomb": "~3.1.0",
     "grunt-exec": "~1.0.0",
     "grunt-html": "~8.0.1",
     "grunt-jekyll": "~0.4.4",
     "grunt-jscs": "~3.0.1",
     "grunt-saucelabs": "~9.0.0",
     "load-grunt-tasks": "~3.5.0",
-    "markdown-it": "^7.0.0",
+    "markdown-it": "^10.0.0",
     "shelljs": "^0.7.0",
     "shx": "^0.1.2",
     "time-grunt": "^1.3.0"
@@ -85,5 +87,9 @@
       "fonts",
       "js"
     ]
+  },
+  "snyk": true,
+  "dependencies": {
+    "snyk": "^1.662.0"
   }
 }