Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Testinga Clojure project with Snyk
$ lein new reagent-frontend myproject
Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.pom from clojars
Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.jar from clojars
Generating fresh 'lein new' Reagent frontend project.
$ cd myproject
$ lein pom
Retrieving lein-cljsbuild/lein-cljsbuild/1.1.7/lein-cljsbuild-1.1.7.pom from clojars
Retrieving fs/fs/1.1.2/fs-1.1.2.pom from clojars
Retrieving lein-figwheel/lein-figwheel/0.5.19/lein-figwheel-0.5.19.pom from clojars
Retrieving simple-lein-profile-merge/simple-lein-profile-merge/0.1.4/simple-lein-profile-merge-0.1.4.pom from clojars
Retrieving org/clojure/clojure/1.3.0/clojure-1.3.0.jar from central
Retrieving simple-lein-profile-merge/simple-lein-profile-merge/0.1.4/simple-lein-profile-merge-0.1.4.jar from clojars
Retrieving lein-figwheel/lein-figwheel/0.5.19/lein-figwheel-0.5.19.jar from clojars
Retrieving lein-cljsbuild/lein-cljsbuild/1.1.7/lein-cljsbuild-1.1.7.jar from clojars
Retrieving fs/fs/1.1.2/fs-1.1.2.jar from clojars
Wrote /private/tmp/clj/myproject/pom.xml
$ snyk test --print-dep
myproject:myproject @ 0.1.0-SNAPSHOT
├─ org.clojure:clojure @ 1.10.1
│ ├─ org.clojure:spec.alpha @ 0.2.176
│ └─ org.clojure:core.specs.alpha @ 0.2.44
├─ org.clojure:clojurescript @ 1.10.520
│ ├─ com.google.javascript:closure-compiler-unshaded @ v20180805
│ │ ├─ com.google.javascript:closure-compiler-externs @ v20180805
│ │ ├─ args4j:args4j @ 2.0.26
│ │ ├─ com.google.errorprone:error_prone_annotations @ 2.0.18
│ │ ├─ com.google.guava:guava @ 25.1-jre
│ │ │ ├─ org.checkerframework:checker-qual @ 2.0.0
│ │ │ ├─ com.google.j2objc:j2objc-annotations @ 1.1
│ │ │ └─ org.codehaus.mojo:animal-sniffer-annotations @ 1.14
│ │ ├─ com.google.protobuf:protobuf-java @ 3.0.2
│ │ ├─ com.google.code.gson:gson @ 2.7
│ │ ├─ com.google.code.findbugs:jsr305 @ 3.0.1
│ │ └─ com.google.jsinterop:jsinterop-annotations @ 1.0.0
│ ├─ org.clojure:google-closure-library @ 0.0-20170809-b9c14c6b
│ │ └─ org.clojure:google-closure-library-third-party @ 0.0-20170809-b9c14c6b
│ ├─ org.clojure:data.json @ 0.2.6
│ ├─ org.mozilla:rhino @ 1.7R5
│ ├─ org.clojure:tools.reader @ 1.3.0
│ └─ com.cognitect:transit-clj @ 0.8.309
│ └─ com.cognitect:transit-java @ 0.8.332
│ ├─ com.fasterxml.jackson.core:jackson-core @ 2.8.7
│ ├─ org.msgpack:msgpack @ 0.6.12
│ │ ├─ com.googlecode.json-simple:json-simple @ 1.1.1
│ │ └─ org.javassist:javassist @ 3.18.1-GA
│ └─ commons-codec:commons-codec @ 1.10
└─ reagent:reagent @ 0.8.1
├─ cljsjs:react @ 16.3.2-0
├─ cljsjs:react-dom @ 16.3.2-0
├─ cljsjs:react-dom-server @ 16.3.2-0
└─ cljsjs:create-react-class @ 15.6.3-0
Testing /private/tmp/clj/myproject...
Tested 33 dependencies for known issues, found 8 issues, 8 vulnerable paths.
Issues with no direct upgrade or patch:
✗ Integer Overflow [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-173761] in com.google.protobuf:protobuf-java@3.0.2
introduced by org.clojure:clojurescript@1.10.520 > com.google.javascript:closure-compiler-unshaded@v20180805 > com.google.protobuf:protobuf-java@3.0.2
This issue was fixed in versions: 3.4.0
License issues:
✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.mozilla:rhino:MPL-2.0] in org.mozilla:rhino@1.7R5
introduced by org.clojure:clojurescript@1.10.520 > org.mozilla:rhino@1.7R5
✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:tools.reader:EPL-1.0] in org.clojure:tools.reader@1.3.0
introduced by org.clojure:clojurescript@1.10.520 > org.clojure:tools.reader@1.3.0
✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:spec.alpha:EPL-1.0] in org.clojure:spec.alpha@0.2.176
introduced by org.clojure:clojure@1.10.1 > org.clojure:spec.alpha@0.2.176
✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:data.json:EPL-1.0] in org.clojure:data.json@0.2.6
introduced by org.clojure:clojurescript@1.10.520 > org.clojure:data.json@0.2.6
✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:core.specs.alpha:EPL-1.0] in org.clojure:core.specs.alpha@0.2.44
introduced by org.clojure:clojure@1.10.1 > org.clojure:core.specs.alpha@0.2.44
✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:clojurescript:EPL-1.0] in org.clojure:clojurescript@1.10.520
✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:clojure:EPL-1.0] in org.clojure:clojure@1.10.1
Organization: garethr
Package manager: maven
Target file: pom.xml
Open source: no
Project path: /private/tmp/clj/myproject
Licenses: enabled
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment