
Fix security issues for snyk result #33

Open
wants to merge 1 commit into
base: master

Conversation

jisoolee

ref #31
ref #32

@jisoolee
Author

@kirk7880 @krg7880
Could you take a look at my PR? Thank you for your time.

This will fix a number of snyk results.

Current snyk result

High sev: 7
Medium sev: 8

JISOOs-MacBook-Pro:json-schema-generator [email protected]$ snyk test

Testing /Users/[email protected]/develop/json-schema-generator...

Tested 74 dependencies for known issues, found 15 issues, 19 vulnerable paths.


Issues to fix by upgrading:

  Upgrade [email protected] to [email protected] to fix
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in [email protected]
    introduced by [email protected] > [email protected] and 1 other path(s)

  Upgrade [email protected] to [email protected] to fix
  ✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-AJV-584908] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]


Patchable issues:

  Patch available for [email protected]
  ✗ Prototype Pollution [High Severity][https://snyk.io/vuln/npm:extend:20180424] in [email protected]
    introduced by [email protected] > [email protected]

  Patch available for [email protected]
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/npm:hoek:20180212] in [email protected]
    introduced by [email protected] > [email protected] > [email protected] and 3 other path(s)

  Patch available for [email protected]
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/npm:lodash:20180130] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]

  Patch available for [email protected]
  ✗ Uninitialized Memory Exposure [Medium Severity][https://snyk.io/vuln/npm:stringstream:20180511] in [email protected]
    introduced by [email protected] > [email protected]


Issues with no direct upgrade or patch:
  ✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-450202] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 4.17.12
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-LODASH-567746] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 4.17.16
  ✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-590103] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 4.17.20
  ✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-608086] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 4.17.17
  ✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-73638] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 4.17.11
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-LODASH-73639] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 4.17.11
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438] in [email protected]
    introduced by [email protected] > [email protected]
  This issue was fixed in versions: 10.0.0
  ✗ Insecure Randomness [Medium Severity][https://snyk.io/vuln/npm:cryptiles:20180710] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 3.1.3, 4.1.2
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/npm:sshpk:20180409] in [email protected]
    introduced by [email protected] > [email protected] > [email protected]
  This issue was fixed in versions: 1.14.1



Organization:      jisoolee
Package manager:   npm
Target file:       package.json
Project name:      json-schema-generator
Open source:       no
Project path:      /Users/[email protected]/develop/json-schema-generator
Licenses:          enabled

Run `snyk wizard` to address these issues.

After my PR snyk result

Medium sev: 1

JISOOs-MacBook-Pro:json-schema-generator [email protected]$ snyk test

Testing /Users/[email protected]/develop/json-schema-generator...

Tested 55 dependencies for known issues, found 1 issue, 1 vulnerable path.


Issues with no direct upgrade or patch:
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in [email protected]
    introduced by [email protected] > [email protected]
  This issue was fixed in versions: 0.2.1, 1.2.3



Organization:      jisoolee
Package manager:   npm
Target file:       package-lock.json
Project name:      json-schema-generator
Open source:       no
Project path:      /Users/[email protected]/develop/json-schema-generator
Licenses:          enabled

Run `snyk wizard` to address these issues.

Thank you in advance.

@jisoolee
Author

And could you release a new version after this is merged? Thank you in advance 🙇

@jisoolee
Author

@kirk7880 @krg7880 Is there any news for this? Thank you for your time.

@jisoolee
Author

@kirk7880 @krg7880 Could you please take a look at this PR?

@jisoolee
Author

@kirk7880 @krg7880 Any news for this?

@jisoolee
Author

I guess I have to update some dependencies for this.

@jisoolee
Author

@kirk7880 @krg7880 Could you take a look at this? This PR will resolve many snyk issues.

@jisoolee
Author

Hello @kirk7880 @krg7880, are there any updates?

@jisoolee
Author

Hi @kirk7880 @krg7880, could you take a look at this PR?

@jisoolee
Author

jisoolee commented Feb 8, 2021

Hi @kirk7880 @krg7880, could you please update this? There are High Severity issues which could be fixed by this update.

@jisoolee
Author

Hello, @kirk7880 @krg7880. Could you take a look at this?

1 participant