Merge pull request #88 from CMU-17313Q/snyk-integration

Integrating Snyk Analysis Tool
CMU-17313Q · Nov 1, 2024 · 0af0e87 · 0af0e87
2 parents 7fe8287 + a9730b3
commit 0af0e87
Show file tree

Hide file tree

Showing 4 changed files with 280 additions and 1 deletion.
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml
@@ -0,0 +1,37 @@
+name: Snyk Test
+
+on:
+  pull_request:
+    branches:
+      - f24
+  workflow_call: # Usually called from deploy
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  checks: write  # for coverallsapp/github-action to create new checks
+  contents: read  # for actions/checkout to fetch code
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    env:
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}  # Ensure your token is added as a secret in GitHub
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+      - name: NPM Install
+        uses: bahmutov/npm-install@v1
+        with:
+          useLockFile: false
+
+      - name: Run Snyk Test
+        run: npx snyk test --severity-threshold=high
diff --git a/.snyk b/.snyk
@@ -0,0 +1,42 @@
+version: v1.1293.1
+
+ignore:
+  "SNYK-JS-BOOTBOX-174704":
+    - "*": # ignore for all paths
+        reason: "No patch or upgrade available for bootbox@6.0.0"
+        expires: "2025-12-31" 
+
+  "SNYK-JS-COOKIE-8163060":
+    - "*":
+        reason: "No immediate fix available for socket.io dependency"
+        expires: "2025-12-31"
+
+  "SNYK-JS-INFLIGHT-6095116":
+    - "*":
+        reason: "No direct patch available for inflight@1.0.6"
+        expires: "2025-12-31"
+
+  "SNYK-JS-JQUERYFORM-574783":
+    - "*":
+        reason: "No upgrade available for jquery-form@4.3.0"
+        expires: "2025-12-31"
+
+  "SNYK-JS-MARKDOWNIT-6483324":
+    - "*":
+        reason: "No upgrade available"
+        expires: "2025-12-31"
+
+  "SNYK-JS-REQUEST-3361831":
+    - "*":
+        reason: "No upgrade available"
+        expires: "2025-12-31"
+
+  "SNYK-JS-TOUGHCOOKIE-5672873":
+    - "*":
+        reason: "No upgrade available"
+        expires: "2025-12-31"
+
+  "SNYK-JS-ZXCVBN-3257741":
+    - "*":
+        reason: "No upgrade path for zxcvbn@4.4.2"
+        expires: "2025-12-31"
diff --git a/install/package.json b/install/package.json
@@ -169,7 +169,8 @@
         "mocha-lcov-reporter": "1.3.0",
         "mockdate": "3.0.5",
         "nyc": "15.1.0",
-        "smtp-server": "3.13.4"
+        "smtp-server": "3.13.4",
+        "snyk": "^1.1294.0"
     },
     "optionalDependencies": {
         "sass-embedded": "1.77.1"

diff --git a/package.json b/package.json
@@ -0,0 +1,199 @@
+{
+    "name": "nodebb",
+    "license": "GPL-3.0",
+    "description": "NodeBB Forum",
+    "version": "3.8.4",
+    "homepage": "https://www.nodebb.org",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/NodeBB/NodeBB/"
+    },
+    "main": "app.js",
+    "scripts": {
+        "start": "node loader.js",
+        "lint": "eslint --cache ./nodebb .",
+        "test": "nyc --reporter=html --reporter=text-summary mocha",
+        "coverage": "nyc report --reporter=text-lcov > ./coverage/lcov.info",
+        "coveralls": "nyc report --reporter=text-lcov | coveralls && rm -r coverage"
+    },
+    "nyc": {
+        "exclude": [
+            "src/upgrades/*",
+            "test/*"
+        ]
+    },
+    "lint-staged": {
+        "*.js": [
+            "eslint --fix"
+        ]
+    },
+    "dependencies": {
+        "@adactive/bootstrap-tagsinput": "0.8.2",
+        "@fontsource/inter": "5.0.18",
+        "@fontsource/poppins": "5.0.14",
+        "@fortawesome/fontawesome-free": "6.5.2",
+        "@isaacs/ttlcache": "1.4.1",
+        "@nodebb/spider-detector": "2.0.3",
+        "@popperjs/core": "2.11.8",
+        "@socket.io/redis-adapter": "8.3.0",
+        "ace-builds": "1.33.2",
+        "archiver": "7.0.1",
+        "async": "3.2.5",
+        "autoprefixer": "10.4.19",
+        "bcryptjs": "2.4.3",
+        "benchpressjs": "2.5.1",
+        "body-parser": "^1.20.3",
+        "bootbox": "6.0.0",
+        "bootstrap": "5.3.3",
+        "bootswatch": "5.3.3",
+        "chalk": "4.1.2",
+        "chart.js": "4.4.2",
+        "cli-graph": "3.2.2",
+        "clipboard": "2.0.11",
+        "colors": "1.4.0",
+        "commander": "12.0.0",
+        "compare-versions": "6.1.0",
+        "compression": "1.7.4",
+        "connect-flash": "0.1.1",
+        "connect-mongo": "5.1.0",
+        "connect-multiparty": "2.2.0",
+        "connect-pg-simple": "9.0.1",
+        "connect-redis": "7.1.1",
+        "cookie-parser": "^1.4.7",
+        "cron": "3.1.7",
+        "cropperjs": "1.6.2",
+        "csrf-sync": "4.0.3",
+        "daemon": "1.1.0",
+        "diff": "5.2.0",
+        "esbuild": "0.21.2",
+        "express": "^4.21.1",
+        "express-session": "^1.18.1",
+        "express-useragent": "1.0.15",
+        "fetch-cookie": "3.0.1",
+        "file-loader": "6.2.0",
+        "fs-extra": "11.2.0",
+        "graceful-fs": "4.2.11",
+        "helmet": "7.1.0",
+        "html-to-text": "9.0.5",
+        "imagesloaded": "5.0.0",
+        "ioredis": "5.4.1",
+        "ipaddr.js": "2.2.0",
+        "jquery": "3.7.1",
+        "jquery-deserialize": "2.0.0",
+        "jquery-form": "4.3.0",
+        "jquery-serializeobject": "1.0.0",
+        "jquery-ui": "1.13.3",
+        "jsesc": "3.0.2",
+        "json2csv": "5.0.7",
+        "jsonwebtoken": "9.0.2",
+        "lodash": "4.17.21",
+        "logrotate-stream": "0.2.9",
+        "lru-cache": "10.2.2",
+        "mime": "3.0.0",
+        "mkdirp": "3.0.1",
+        "mongodb": "6.6.1",
+        "morgan": "1.10.0",
+        "mousetrap": "1.6.5",
+        "multiparty": "4.2.3",
+        "nconf": "0.12.1",
+        "nodebb-plugin-2factor": "7.5.3",
+        "nodebb-plugin-composer-default": "10.2.36",
+        "nodebb-plugin-dbsearch": "6.2.5",
+        "nodebb-plugin-emoji": "5.1.15",
+        "nodebb-plugin-emoji-android": "4.0.0",
+        "nodebb-plugin-markdown": "12.2.6",
+        "nodebb-plugin-mentions": "4.4.3",
+        "nodebb-plugin-ntfy": "1.7.4",
+        "nodebb-plugin-spam-be-gone": "2.2.2",
+        "nodebb-rewards-essentials": "1.0.0",
+        "nodebb-theme-harmony": "1.2.63",
+        "nodebb-theme-lavender": "7.1.8",
+        "nodebb-theme-peace": "2.2.6",
+        "nodebb-theme-persona": "13.3.25",
+        "nodebb-widget-essentials": "7.0.18",
+        "nodemailer": "6.9.13",
+        "nprogress": "0.2.0",
+        "passport": "0.7.0",
+        "passport-http-bearer": "1.0.1",
+        "passport-local": "1.0.0",
+        "pg": "8.11.5",
+        "pg-cursor": "2.10.5",
+        "postcss": "8.4.38",
+        "postcss-clean": "1.2.0",
+        "progress-webpack-plugin": "1.0.16",
+        "prompt": "1.3.0",
+        "rimraf": "5.0.7",
+        "rss": "1.2.2",
+        "rtlcss": "4.1.1",
+        "sanitize-html": "2.13.0",
+        "sass": "1.77.1",
+        "semver": "7.6.2",
+        "serve-favicon": "2.5.0",
+        "sharp": "0.32.6",
+        "sitemap": "7.1.1",
+        "socket.io": "4.7.5",
+        "socket.io-client": "4.7.5",
+        "sortablejs": "1.15.2",
+        "spdx-license-list": "6.9.0",
+        "terser-webpack-plugin": "5.3.10",
+        "textcomplete": "0.18.2",
+        "textcomplete.contenteditable": "0.1.1",
+        "timeago": "1.6.7",
+        "tinycon": "0.6.8",
+        "toobusy-js": "0.5.1",
+        "tough-cookie": "4.1.4",
+        "validator": "13.12.0",
+        "webpack": "^5.94.0",
+        "webpack-merge": "5.10.0",
+        "winston": "3.13.0",
+        "workerpool": "9.1.1",
+        "xml": "1.0.1",
+        "xregexp": "5.1.1",
+        "yargs": "17.7.2",
+        "zxcvbn": "4.4.2"
+    },
+    "devDependencies": {
+        "@apidevtools/swagger-parser": "10.1.0",
+        "@commitlint/cli": "19.3.0",
+        "@commitlint/config-angular": "19.3.0",
+        "coveralls": "3.1.1",
+        "eslint": "8.57.0",
+        "eslint-config-nodebb": "0.2.1",
+        "eslint-plugin-import": "2.29.1",
+        "grunt": "1.6.1",
+        "grunt-contrib-watch": "1.1.0",
+        "husky": "8.0.3",
+        "jsdom": "24.0.0",
+        "lint-staged": "15.2.2",
+        "mocha": "10.4.0",
+        "mocha-lcov-reporter": "1.3.0",
+        "mockdate": "3.0.5",
+        "nyc": "15.1.0",
+        "smtp-server": "3.13.4",
+        "snyk": "^1.1294.0"
+    },
+    "optionalDependencies": {
+        "sass-embedded": "1.77.1"
+    },
+    "resolutions": {
+        "*/jquery": "3.7.1"
+    },
+    "bugs": {
+        "url": "https://github.com/NodeBB/NodeBB/issues"
+    },
+    "engines": {
+        "node": ">=18"
+    },
+    "maintainers": [
+        {
+            "name": "Julian Lam",
+            "email": "julian@nodebb.org",
+            "url": "https://github.com/julianlam"
+        },
+        {
+            "name": "Barış Soner Uşaklı",
+            "email": "baris@nodebb.org",
+            "url": "https://github.com/barisusakli"
+        }
+    ]
+}