diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..1377f41 --- /dev/null +++ b/.snyk @@ -0,0 +1,28 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:extend:20180424': + - pm2 > chokidar > fsevents > node-pre-gyp > request > extend: + patched: '2023-08-31T14:04:10.555Z' + id: 'npm:extend:20180424' + path: pm2 > chokidar > fsevents > node-pre-gyp > request > extend + 'npm:hoek:20180212': + - pm2 > chokidar > fsevents > node-pre-gyp > hawk > hoek: + patched: '2023-08-31T14:04:10.555Z' + id: 'npm:hoek:20180212' + path: pm2 > chokidar > fsevents > node-pre-gyp > hawk > hoek + - pm2 > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek: + patched: '2023-08-31T14:04:10.555Z' + id: 'npm:hoek:20180212' + path: pm2 > chokidar > fsevents > node-pre-gyp > hawk > boom > hoek + - pm2 > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek: + patched: '2023-08-31T14:04:10.555Z' + id: 'npm:hoek:20180212' + path: pm2 > chokidar > fsevents > node-pre-gyp > hawk > sntp > hoek + 'npm:stringstream:20180511': + - pm2 > chokidar > fsevents > node-pre-gyp > request > stringstream: + patched: '2023-08-31T14:04:10.555Z' + id: 'npm:stringstream:20180511' + path: pm2 > chokidar > fsevents > node-pre-gyp > request > stringstream diff --git a/package.json b/package.json index cc9a4b9..86d0cb0 100644 --- a/package.json +++ b/package.json @@ -1,8 +1,7 @@ { "name": "thinglator", "license": "MIT", - "description": - "An API that provides a uniform interface for interacting with IOT and home automation devices", + "description": "An API that provides a uniform interface for interacting with IOT and home automation devices", "version": "3.2.0", "maintainers": [ { @@ -27,7 +26,8 @@ "node-cron": "^1.2.1", "pm2": "^2.10.1", "socket.io": "^2.0.4", - "yarn-api": "^1.1.0" + "yarn-api": "^1.1.0", + "@snyk/protect": "latest" }, "devDependencies": { "eslint": "^4.18.2", @@ -48,10 +48,15 @@ "test": "jest --coverage && yarn lint", "test:watch": "jest --watch", "precommit": "lint-staged", - "lint": "eslint **/*.js" + "lint": "eslint **/*.js", + "prepare": "yarn run snyk-protect", + "snyk-protect": "snyk-protect" }, "lint-staged": { - "*.{js,json,css,md}": ["prettier --write", "git add"] + "*.{js,json,css,md}": [ + "prettier --write", + "git add" + ] }, "engines": { "node": ">=8.10.0" @@ -59,6 +64,11 @@ "main": "app.js", "jest": { "testEnvironment": "node", - "collectCoverageFrom": ["**/*.js", "!**/node_modules/**", "!**/coverage/**"] - } + "collectCoverageFrom": [ + "**/*.js", + "!**/node_modules/**", + "!**/coverage/**" + ] + }, + "snyk": true } diff --git a/yarn.lock b/yarn.lock index 9ed476d..125cf23 100644 --- a/yarn.lock +++ b/yarn.lock @@ -16,6 +16,11 @@ esutils "^2.0.2" js-tokens "^3.0.0" +"@snyk/protect@^1.1208.0": + version "1.1208.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1208.0.tgz#5789de12b89630bf3d598b9b9910a8a9fb863d61" + integrity sha512-OAvVLx2yemEncXzsbtDWIeg3r7DS/XFilHix4DuqUjl0yEjdyM+rU/ua5Fffmw92Aep+lr+cYv5Du3mzF4B20A== + abab@^1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/abab/-/abab-1.0.4.tgz#5faad9c2c07f60dd76770f71cf025b62a63cfd4e" @@ -291,12 +296,6 @@ aws4@^1.2.1, aws4@^1.6.0: version "1.6.0" resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.6.0.tgz#83ef5ca860b2b32e4a0deedee8c771b9db57471e" -axios@~0.15.3: - version "0.15.3" - resolved "https://registry.yarnpkg.com/axios/-/axios-0.15.3.tgz#2c9d638b2e191a08ea1d6cc988eadd6ba5bdc053" - dependencies: - follow-redirects "1.0.0" - babel-code-frame@^6.22.0, babel-code-frame@^6.26.0: version "6.26.0" resolved "https://registry.yarnpkg.com/babel-code-frame/-/babel-code-frame-6.26.0.tgz#63fd43f7dc1e3bb7ce35947db8fe369a3f58c74b" @@ -1702,12 +1701,6 @@ flat-cache@^1.2.1: graceful-fs "^4.1.2" write "^0.2.1" -follow-redirects@1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.0.0.tgz#8e34298cbd2e176f254effec75a1c78cc849fd37" - dependencies: - debug "^2.2.0" - for-in@^1.0.1, for-in@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80" @@ -2203,10 +2196,6 @@ invert-kv@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/invert-kv/-/invert-kv-1.0.0.tgz#104a8e4aaca6d3d8cd157a8ef8bfab2d7a3ffdb6" -ip@1.1.4: - version "1.1.4" - resolved "https://registry.yarnpkg.com/ip/-/ip-1.1.4.tgz#de8247ffef940451832550fba284945e6e039bfb" - ipaddr.js@1.6.0: version "1.6.0" resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.6.0.tgz#e3fa357b773da619f26e95f049d055c72796f86b" @@ -3116,7 +3105,7 @@ lodash.sortby@^4.7.0: version "4.7.0" resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438" -lodash@^4.0.0, lodash@^4.13.1, lodash@^4.14.0, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.3.0: +lodash@^4.13.1, lodash@^4.14.0, lodash@^4.17.4, lodash@^4.17.5, lodash@^4.3.0: version "4.17.5" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.5.tgz#99a92d65c0272debe8c96b6057bc8fbfa3bed511" @@ -3370,16 +3359,6 @@ node-cron@^1.2.1: version "1.2.1" resolved "https://registry.yarnpkg.com/node-cron/-/node-cron-1.2.1.tgz#8c90bc5dc723a56289b0786655ab4a1c4cb60368" -node-hue-api@^2.4.2: - version "2.4.2" - resolved "https://registry.yarnpkg.com/node-hue-api/-/node-hue-api-2.4.2.tgz#f721aba415a6c4a8d0b4c2af0ab36939f0ab5cb7" - dependencies: - axios "~0.15.3" - deep-extend "~0.4.0" - q "~1.4" - traits "~0.4.0" - xml2js "~0.4" - node-int64@^0.4.0: version "0.4.0" resolved "https://registry.yarnpkg.com/node-int64/-/node-int64-0.4.0.tgz#87a9065cdb355d3182d8f94ce11188b825c68a3b" @@ -3963,10 +3942,6 @@ punycode@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.0.tgz#5f863edc89b96db09074bad7947bf09056ca4e7d" -q@~1.4: - version "1.4.1" - resolved "https://registry.yarnpkg.com/q/-/q-1.4.1.tgz#55705bcd93c5f3673530c2c2cbc0c2b3addc286e" - qs@6.5.1, qs@~6.5.1: version "6.5.1" resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.1.tgz#349cdf6eef89ec45c12d7d5eb3fc0c870343a6d8" @@ -4162,33 +4137,6 @@ request@2.81.0: tunnel-agent "^0.6.0" uuid "^3.0.0" -request@^2.72.0, request@^2.79.0: - version "2.85.0" - resolved "https://registry.yarnpkg.com/request/-/request-2.85.0.tgz#5a03615a47c61420b3eb99b7dba204f83603e1fa" - dependencies: - aws-sign2 "~0.7.0" - aws4 "^1.6.0" - caseless "~0.12.0" - combined-stream "~1.0.5" - extend "~3.0.1" - forever-agent "~0.6.1" - form-data "~2.3.1" - har-validator "~5.0.3" - hawk "~6.0.2" - http-signature "~1.2.0" - is-typedarray "~1.0.0" - isstream "~0.1.2" - json-stringify-safe "~5.0.1" - mime-types "~2.1.17" - oauth-sign "~0.8.2" - performance-now "^2.1.0" - qs "~6.5.1" - safe-buffer "^5.1.1" - stringstream "~0.0.5" - tough-cookie "~2.3.3" - tunnel-agent "^0.6.0" - uuid "^3.1.0" - request@^2.83.0: version "2.83.0" resolved "https://registry.yarnpkg.com/request/-/request-2.83.0.tgz#ca0b65da02ed62935887808e6f510381034e3356" @@ -4346,7 +4294,7 @@ sane@^2.0.0: optionalDependencies: fsevents "^1.1.1" -sax@>=0.6.0, sax@^1.2.4: +sax@^1.2.4: version "1.2.4" resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.4.tgz#2816234e2378bddc4e5354fab5caa895df7100d9" @@ -4551,18 +4499,6 @@ socket.io@^2.0.4: socket.io-client "2.0.4" socket.io-parser "~3.1.1" -sonos@^0.17.0: - version "0.17.0" - resolved "https://registry.yarnpkg.com/sonos/-/sonos-0.17.0.tgz#7f877bd05fcc1017539f42b2921b66d733a370eb" - dependencies: - debug "^2.3.3" - ip "1.1.4" - request "^2.79.0" - safe-buffer "^5.0.1" - underscore "1.8.3" - upnp-client "0.0.1" - xml2js "0.4.17" - source-map-resolve@^0.5.0: version "0.5.1" resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.1.tgz#7ad0f593f2281598e854df80f19aae4b92d7a11a" @@ -4686,10 +4622,6 @@ stealthy-require@^1.1.0: version "1.1.1" resolved "https://registry.yarnpkg.com/stealthy-require/-/stealthy-require-1.1.1.tgz#35b09875b4ff49f26a777e509b3090a3226bf24b" -"step@>= 0.0.3": - version "1.0.0" - resolved "https://registry.yarnpkg.com/step/-/step-1.0.0.tgz#b300e9d2ae9057d4d78633aae2303813a94bdff2" - stream-combiner@~0.0.4: version "0.0.4" resolved "https://registry.yarnpkg.com/stream-combiner/-/stream-combiner-0.0.4.tgz#4d5e433c185261dde623ca3f44c586bcf5c4ad14" @@ -4856,36 +4788,6 @@ text-table@~0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" -thinglator-driver-aeotec-door-window-sensor@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/thinglator-driver-aeotec-door-window-sensor/-/thinglator-driver-aeotec-door-window-sensor-2.0.1.tgz#4ea5a6da68da7d2cbb4896f981cf52a6b6b7995b" - -thinglator-driver-aeotec-multisensor@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/thinglator-driver-aeotec-multisensor/-/thinglator-driver-aeotec-multisensor-2.0.1.tgz#86508290c865e6e41272131e223038c8c1a15c9e" - -thinglator-driver-aeotec-socket@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/thinglator-driver-aeotec-socket/-/thinglator-driver-aeotec-socket-2.0.0.tgz#a41db2b6841b45d900057407127fc7d90741ed5b" - -thinglator-driver-hue-light@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/thinglator-driver-hue-light/-/thinglator-driver-hue-light-3.0.1.tgz#018ccac10af13cb4abc4b3e0656856e337fb9b82" - dependencies: - node-hue-api "^2.4.2" - -thinglator-driver-lifx@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/thinglator-driver-lifx/-/thinglator-driver-lifx-3.0.0.tgz#3fd1853fa76279fe2c0d38980d73bd3e418d47d6" - dependencies: - ya-lifx "2.0.0" - -thinglator-driver-sonos@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/thinglator-driver-sonos/-/thinglator-driver-sonos-3.0.2.tgz#4308fd49e7b69704b957748494ef3dbd7e7eab78" - dependencies: - sonos "^0.17.0" - throat@^4.0.0: version "4.1.0" resolved "https://registry.yarnpkg.com/throat/-/throat-4.1.0.tgz#89037cbc92c56ab18926e6ba4cbb200e15672a6a" @@ -4956,10 +4858,6 @@ tr46@^1.0.0: dependencies: punycode "^2.1.0" -traits@~0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/traits/-/traits-0.4.0.tgz#416edcabdc8bf64bd29102a7453dcddd857371a1" - trim-right@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/trim-right/-/trim-right-1.0.1.tgz#cb2e1203067e0c8de1f614094b9fe45704ea6003" @@ -5022,10 +4920,6 @@ undefsafe@^2.0.2: dependencies: debug "^2.2.0" -underscore@1.8.3: - version "1.8.3" - resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.8.3.tgz#4f3fb53b106e6097fcf9cb4109f2a5e9bdfa5022" - union-value@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.0.tgz#5c71c34cb5bad5dcebe3ea0cd08207ba5aa1aea4" @@ -5074,12 +4968,6 @@ update-notifier@^2.3.0: semver-diff "^2.0.0" xdg-basedir "^3.0.0" -upnp-client@0.0.1: - version "0.0.1" - resolved "https://registry.yarnpkg.com/upnp-client/-/upnp-client-0.0.1.tgz#8761fcb760144cd93d8003bc4978f37d71e5454c" - dependencies: - step ">= 0.0.3" - urix@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/urix/-/urix-0.1.0.tgz#da937f7a62e21fec1fd18d49b35c2935067a6c72" @@ -5289,30 +5177,6 @@ xml-name-validator@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/xml-name-validator/-/xml-name-validator-3.0.0.tgz#6ae73e06de4d8c6e47f9fb181f78d648ad457c6a" -xml2js@0.4.17: - version "0.4.17" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.17.tgz#17be93eaae3f3b779359c795b419705a8817e868" - dependencies: - sax ">=0.6.0" - xmlbuilder "^4.1.0" - -xml2js@~0.4: - version "0.4.19" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.19.tgz#686c20f213209e94abf0d1bcf1efaa291c7827a7" - dependencies: - sax ">=0.6.0" - xmlbuilder "~9.0.1" - -xmlbuilder@^4.1.0: - version "4.2.1" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-4.2.1.tgz#aa58a3041a066f90eaa16c2f5389ff19f3f461a5" - dependencies: - lodash "^4.0.0" - -xmlbuilder@~9.0.1: - version "9.0.7" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-9.0.7.tgz#132ee63d2ec5565c557e20f4c22df9aca686b10d" - xmlhttprequest-ssl@~1.5.4: version "1.5.5" resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz#c2876b06168aadc40e57d97e81191ac8f4398b3e" @@ -5321,12 +5185,6 @@ y18n@^3.2.1: version "3.2.1" resolved "https://registry.yarnpkg.com/y18n/-/y18n-3.2.1.tgz#6d15fba884c08679c0d77e88e7759e811e07fa41" -ya-lifx@2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/ya-lifx/-/ya-lifx-2.0.0.tgz#d22e6d7de907072957c4c0d3780d9c654e696c80" - dependencies: - request "^2.72.0" - yallist@^2.1.2: version "2.1.2" resolved "https://registry.yarnpkg.com/yallist/-/yallist-2.1.2.tgz#1c11f9218f076089a47dd512f93c6699a6a81d52"