003c3dfd01
Minetrack currently has 11 vulnerable dependency paths, introducing 6 different types of known vulnerabilities. This PR fixes vulnerable dependencies, [ReDOS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722) in the `tough-cookie` dependency, [remote memory exposure](https://snyk.io/vuln/npm:request:20160119) vulnerability in the `request` dependency. You can see [Snyk test report](https://snyk.io/test/github/Cryptkeeper/Minetrack) of this project for details. This PR changes `Package.json` to upgrade `request` to the newer 2.74.0 version, and will fix all the vulnerabilities listed above. You can get alerts and fix PRs for future vulnerabilities for free by [watching this repo with Snyk](https://snyk.io/add). Note this PR fixes all the vulnerabilities introduced through the `request` dependency; in order to be vulnerability free you will need to upgrade other dependencies as well. Full disclosure: I'm a part of the Snyk team, just looking to spread some security goodness and awareness ;)
36 lines
871 B
JSON
```json
{
  "name": "minetrack",
  "version": "2.2.2",
  "description": "A Minecraft server tracker that lets you focus on the basics.",
  "main": "app.js",
  "dependencies": {
    "mc-ping-updated": "0.1.0",
    "mcpe-ping-fixed": "0.0.3",
    "mime": "1.3.4",
    "request": "2.74.0",
    "socket.io": "1.3.7",
    "sqlite3": "3.1.1",
    "winston": "2.0.0"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/Cryptkeeper/Minetrack.git"
  },
  "keywords": [
    "minetrack"
  ],
  "author": "Cryptkeeper <hello@cryptkpr.me>",
  "license": "MIT",
  "bugs": {
    "url": "https://github.com/Cryptkeeper/Minetrack/issues"
  },
  "homepage": "https://github.com/Cryptkeeper/Minetrack#README",
  "devDependencies": {
    "gulp": "^3.9.0",
    "gulp-cssmin": "^0.1.7",
    "gulp-if": "^2.0.0",
    "gulp-nodemon": "^2.0.4",
    "gulp-uglify": "^1.5.1"
  }
}
```