Created
November 6, 2019 14:23
-
-
Save garethr/6a517651b62cb43ac3c8a0f9c4ab561d to your computer and use it in GitHub Desktop.
Testinga Clojure project with Snyk
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ lein new reagent-frontend myproject | |
| Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.pom from clojars | |
| Retrieving reagent-frontend/lein-template/0.1.55/lein-template-0.1.55.jar from clojars | |
| Generating fresh 'lein new' Reagent frontend project. | |
| $ cd myproject | |
| $ lein pom | |
| Retrieving lein-cljsbuild/lein-cljsbuild/1.1.7/lein-cljsbuild-1.1.7.pom from clojars | |
| Retrieving fs/fs/1.1.2/fs-1.1.2.pom from clojars | |
| Retrieving lein-figwheel/lein-figwheel/0.5.19/lein-figwheel-0.5.19.pom from clojars | |
| Retrieving simple-lein-profile-merge/simple-lein-profile-merge/0.1.4/simple-lein-profile-merge-0.1.4.pom from clojars | |
| Retrieving org/clojure/clojure/1.3.0/clojure-1.3.0.jar from central | |
| Retrieving simple-lein-profile-merge/simple-lein-profile-merge/0.1.4/simple-lein-profile-merge-0.1.4.jar from clojars | |
| Retrieving lein-figwheel/lein-figwheel/0.5.19/lein-figwheel-0.5.19.jar from clojars | |
| Retrieving lein-cljsbuild/lein-cljsbuild/1.1.7/lein-cljsbuild-1.1.7.jar from clojars | |
| Retrieving fs/fs/1.1.2/fs-1.1.2.jar from clojars | |
| Wrote /private/tmp/clj/myproject/pom.xml | |
| $ snyk test --print-dep | |
| myproject:myproject @ 0.1.0-SNAPSHOT | |
| ├─ org.clojure:clojure @ 1.10.1 | |
| │ ├─ org.clojure:spec.alpha @ 0.2.176 | |
| │ └─ org.clojure:core.specs.alpha @ 0.2.44 | |
| ├─ org.clojure:clojurescript @ 1.10.520 | |
| │ ├─ com.google.javascript:closure-compiler-unshaded @ v20180805 | |
| │ │ ├─ com.google.javascript:closure-compiler-externs @ v20180805 | |
| │ │ ├─ args4j:args4j @ 2.0.26 | |
| │ │ ├─ com.google.errorprone:error_prone_annotations @ 2.0.18 | |
| │ │ ├─ com.google.guava:guava @ 25.1-jre | |
| │ │ │ ├─ org.checkerframework:checker-qual @ 2.0.0 | |
| │ │ │ ├─ com.google.j2objc:j2objc-annotations @ 1.1 | |
| │ │ │ └─ org.codehaus.mojo:animal-sniffer-annotations @ 1.14 | |
| │ │ ├─ com.google.protobuf:protobuf-java @ 3.0.2 | |
| │ │ ├─ com.google.code.gson:gson @ 2.7 | |
| │ │ ├─ com.google.code.findbugs:jsr305 @ 3.0.1 | |
| │ │ └─ com.google.jsinterop:jsinterop-annotations @ 1.0.0 | |
| │ ├─ org.clojure:google-closure-library @ 0.0-20170809-b9c14c6b | |
| │ │ └─ org.clojure:google-closure-library-third-party @ 0.0-20170809-b9c14c6b | |
| │ ├─ org.clojure:data.json @ 0.2.6 | |
| │ ├─ org.mozilla:rhino @ 1.7R5 | |
| │ ├─ org.clojure:tools.reader @ 1.3.0 | |
| │ └─ com.cognitect:transit-clj @ 0.8.309 | |
| │ └─ com.cognitect:transit-java @ 0.8.332 | |
| │ ├─ com.fasterxml.jackson.core:jackson-core @ 2.8.7 | |
| │ ├─ org.msgpack:msgpack @ 0.6.12 | |
| │ │ ├─ com.googlecode.json-simple:json-simple @ 1.1.1 | |
| │ │ └─ org.javassist:javassist @ 3.18.1-GA | |
| │ └─ commons-codec:commons-codec @ 1.10 | |
| └─ reagent:reagent @ 0.8.1 | |
| ├─ cljsjs:react @ 16.3.2-0 | |
| ├─ cljsjs:react-dom @ 16.3.2-0 | |
| ├─ cljsjs:react-dom-server @ 16.3.2-0 | |
| └─ cljsjs:create-react-class @ 15.6.3-0 | |
| Testing /private/tmp/clj/myproject... | |
| Tested 33 dependencies for known issues, found 8 issues, 8 vulnerable paths. | |
| Issues with no direct upgrade or patch: | |
| ✗ Integer Overflow [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-173761] in com.google.protobuf:protobuf-java@3.0.2 | |
| introduced by org.clojure:clojurescript@1.10.520 > com.google.javascript:closure-compiler-unshaded@v20180805 > com.google.protobuf:protobuf-java@3.0.2 | |
| This issue was fixed in versions: 3.4.0 | |
| License issues: | |
| ✗ MPL-2.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.mozilla:rhino:MPL-2.0] in org.mozilla:rhino@1.7R5 | |
| introduced by org.clojure:clojurescript@1.10.520 > org.mozilla:rhino@1.7R5 | |
| ✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:tools.reader:EPL-1.0] in org.clojure:tools.reader@1.3.0 | |
| introduced by org.clojure:clojurescript@1.10.520 > org.clojure:tools.reader@1.3.0 | |
| ✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:spec.alpha:EPL-1.0] in org.clojure:spec.alpha@0.2.176 | |
| introduced by org.clojure:clojure@1.10.1 > org.clojure:spec.alpha@0.2.176 | |
| ✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:data.json:EPL-1.0] in org.clojure:data.json@0.2.6 | |
| introduced by org.clojure:clojurescript@1.10.520 > org.clojure:data.json@0.2.6 | |
| ✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:core.specs.alpha:EPL-1.0] in org.clojure:core.specs.alpha@0.2.44 | |
| introduced by org.clojure:clojure@1.10.1 > org.clojure:core.specs.alpha@0.2.44 | |
| ✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:clojurescript:EPL-1.0] in org.clojure:clojurescript@1.10.520 | |
| ✗ EPL-1.0 license (new) [Medium Severity][https://snyk.io/vuln/snyk:lic:maven:org.clojure:clojure:EPL-1.0] in org.clojure:clojure@1.10.1 | |
| Organization: garethr | |
| Package manager: maven | |
| Target file: pom.xml | |
| Open source: no | |
| Project path: /private/tmp/clj/myproject | |
| Licenses: enabled | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment