From d9ef4c2a95b990649065047a62e447e7bf082e9d Mon Sep 17 00:00:00 2001 From: Steve Date: Mon, 27 Feb 2017 18:28:52 -0500 Subject: [PATCH 01/10] No Buildnight -- Regex specificity chat bot oversampling 'build night'. Regex improved to respond to specific question, to avoid spamming chatroom --- scripts/riddler_when_build_night.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/riddler_when_build_night.js b/scripts/riddler_when_build_night.js index 31a3ac80..24009b03 100644 --- a/scripts/riddler_when_build_night.js +++ b/scripts/riddler_when_build_night.js @@ -40,7 +40,7 @@ module.exports = function (robot) { var concatBuildNight = function (e) { return "Build Night is on " + formatDate(dateOf(e)) + ", " + locationOf(e); }; var nextBuildNight = _.flow(dateFilter, dateSorted, ensureFindBuildNight); - return robot.hear(/build night/i, function (msg) { // returns when/where of build night + return robot.hear(/when.*?build night/i, function (msg) { // returns when/where of build night if (!eventsUrl) { msg.send('Please set the EVENTS_URL environment variable.'); return; From d49c2fa116d6edc059a6e9a1c6fa6f6e012f372b Mon Sep 17 00:00:00 2001 From: Steve Date: Mon, 27 Feb 2017 18:30:47 -0500 Subject: [PATCH 02/10] No Buildnight -- 'Where' response bot returns location, logical to respond to where questions along with when --- scripts/riddler_when_build_night.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/riddler_when_build_night.js b/scripts/riddler_when_build_night.js index 24009b03..be5d48a0 100644 --- a/scripts/riddler_when_build_night.js +++ b/scripts/riddler_when_build_night.js 
@@ -40,7 +40,7 @@ module.exports = function (robot) { var concatBuildNight = function (e) { return "Build Night is on " + formatDate(dateOf(e)) + ", " + locationOf(e); }; var nextBuildNight = _.flow(dateFilter, dateSorted, ensureFindBuildNight); - return robot.hear(/when.*?build night/i, function (msg) { // returns when/where of build night + return robot.hear(/when|where.*?build night/i, function (msg) { // returns when/where of build night if (!eventsUrl) { msg.send('Please set the EVENTS_URL environment variable.'); return; From d06d322a16329b45ffbf08bcb816b1f7945049ca Mon Sep 17 00:00:00 2001 From: Steve Date: Mon, 27 Feb 2017 20:24:21 -0500 Subject: [PATCH 03/10] No Buildnight -- Greed Fix Prior commits fired bot on 'where' or 'when' only, without 'build night' specified in the message. Grouped expressions and added word boundries --- scripts/riddler_when_build_night.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/riddler_when_build_night.js b/scripts/riddler_when_build_night.js index be5d48a0..83ce06cd 100644 --- a/scripts/riddler_when_build_night.js +++ b/scripts/riddler_when_build_night.js @@ -40,7 +40,7 @@ module.exports = function (robot) { var concatBuildNight = function (e) { return "Build Night is on " + formatDate(dateOf(e)) + ", " + locationOf(e); }; var nextBuildNight = _.flow(dateFilter, dateSorted, ensureFindBuildNight); - return robot.hear(/when|where.*?build night/i, function (msg) { // returns when/where of build night + return robot.hear(/(when|where)\b(.*?)\b(build night)/i, function (msg) { // returns when/where of build night if (!eventsUrl) { msg.send('Please set the EVENTS_URL environment variable.'); return; From 3dacc6a996fabb2fda7333a88817f7b98c26edb5 Mon Sep 17 00:00:00 2001 
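Review bot: In PATCH 03 the new pattern `/(when|where)\b(.*?)\b(build night)/i` has a word boundary after the question word but none before it and none after `night`, so constructed examples such as "nowhere near build night" or "when is the build nightmare over" still trigger a reply. Because `robot.hear` is evaluated against every message in the room, each loose match is another unsolicited post, which is what this series set out to stop. The three capture groups are not read anywhere in the visible handler, so non-capturing groups with full boundaries state the intent more precisely: `/\b(?:when|where)\b.*?\bbuild night\b/i`. The handler body continues past the end of the hunk, so whether `msg.match` is used further down cannot be confirmed from here.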
From: Steve Date: Mon, 27 Feb 2017 20:34:30 -0500 Subject: [PATCH 04/10] No Buildnight -- Skip #jobs Skip jobs channel per chatroom request Found object properties from: https://github.com/slackapi/hubot-slack/blob/1c49569b52b7774e07e158f4909b3a8e3a3a72c2/test/message.coffee\#L31 --- scripts/riddler_when_build_night.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/riddler_when_build_night.js b/scripts/riddler_when_build_night.js index 83ce06cd..522d0385 100644 --- a/scripts/riddler_when_build_night.js +++ b/scripts/riddler_when_build_night.js @@ -41,6 +41,9 @@ module.exports = function (robot) { var nextBuildNight = _.flow(dateFilter, dateSorted, ensureFindBuildNight); return robot.hear(/(when|where)\b(.*?)\b(build night)/i, function (msg) { // returns when/where of build night + if(msg.channel == 'jobs') { + return; + } if (!eventsUrl) { msg.send('Please set the EVENTS_URL environment variable.'); return; From a82aa4a1ad2c7bc9b6c9cdf8fa53a935c8203cee Mon Sep 17 00:00:00 2001 From: Steve Date: Tue, 28 Feb 2017 21:09:40 -0500 Subject: [PATCH 05/10] Buildnight Channels -- Implementation Switched from blacklist to whitelist per admin request. Use const in script global scope for high visibility. Specific name and limited to this script. Used indexOf for lookup, reference below: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf --- scripts/riddler_when_build_night.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/riddler_when_build_night.js b/scripts/riddler_when_build_night.js index 522d0385..5cd55da0 100644 --- a/scripts/riddler_when_build_night.js +++ b/scripts/riddler_when_build_night.js @@ -1,5 +1,6 @@ _ = require('lodash/fp'); var eventsUrl = process.env.EVENTS_URL; +const buildNightChannels = ['chat','buildnight'] module.exports = function (robot) { var now; 
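Review bot: The guard added in PATCH 04, `if(msg.channel == 'jobs')`, reads `channel` directly off the listener's response object, but as far as I know Hubot exposes the originating room as `msg.message.room` (also `msg.envelope.room`) and does not define `msg.channel`; the hubot-slack test linked in the commit message presumably describes the adapter's message object, not this wrapper. If the property is undefined, this denylist check never matches and the bot keeps answering in #jobs, while the allowlist in PATCH 05 (`buildNightChannels.indexOf(msg.channel) === -1`) would instead reject every room. Worth confirming against a live message and, if it holds, changing the test to `if (msg.message.room === 'jobs') {` with strict equality. The handler starts and ends outside this hunk.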
@@ -41,7 +42,7 @@ module.exports = function (robot) { var nextBuildNight = _.flow(dateFilter, dateSorted, ensureFindBuildNight); return robot.hear(/(when|where)\b(.*?)\b(build night)/i, function (msg) { // returns when/where of build night - if(msg.channel == 'jobs') { + if(buildNightChannels.indexOf(msg.channel) === -1) { return; } if (!eventsUrl) { From 9bcab4c9f60312c72cd738cec3921e72b5407587 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 13 Jul 2017 17:25:35 +0000 Subject: [PATCH 06/10] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:ws:20160104 - https://snyk.io/vuln/npm:ws:20160624 - https://snyk.io/vuln/npm:ws:20160920 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 Latest report for codeandsupply/supplybot: https://snyk.io/test/github/codeandsupply/supplybot --- .snyk | 41 +++++++++++++++++++++++++++++++++++++++++ package.json | 12 +++++++++--- 2 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..bc14277f --- /dev/null +++ b/.snyk 
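Review bot: The allowlist branch in PATCH 05 returns without leaving any trace, so a room missing from `buildNightChannels`, or a room value that is not a channel name at all, looks the same as the bot being down. A debug line before the `return` makes the decision observable: `robot.logger.debug('build night: ignoring room ' + msg.channel);`. The list itself is declared in the first hunk as `const buildNightChannels = ['chat','buildnight']` with no terminating semicolon and no comment; a one-line comment such as `// rooms where the build-night reply is allowed (default deny)` would record that this is an allowlist and what kind of identifier it holds.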
@@ -0,0 +1,41 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:ms:20170412': + - hubot > express > connect > morgan > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > body-parser > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > compression > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > connect-timeout > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > express-session > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > finalhandler > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > send > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-index > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-static > send > debug > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > send > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > connect-timeout > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-static > send > ms: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-favicon > ms: + patched: '2017-07-13T17:25:35.848Z' + 'npm:negotiator:20160616': + - hubot > express > connect > compression > accepts > negotiator: + patched: '2017-07-13T17:25:35.848Z' + - hubot > express > connect > serve-index > accepts > negotiator: + patched: '2017-07-13T17:25:35.848Z' diff --git a/package.json b/package.json index cf6c1bbe..5622cb6b 100644 --- a/package.json +++ b/package.json 
@@ -19,11 +19,17 @@ "hubot-rules": "^0.1.1", "hubot-scripts": "^2.17.1", "hubot-shipit": "^0.2.0", - "hubot-slack": "^3.4.2", + "hubot-slack": "^4.0.0", "lodash": "^4.12.0", - "node-schedule": "^1.2.0" + "node-schedule": "^1.2.0", + "snyk": "^1.36.2" }, "engines": { "node": "0.10.x" - } + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From b19326cdf68a2a34b6080ac86c61756bb86123d2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 28 Sep 2017 05:53:05 +0000 Subject: [PATCH 07/10] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 Latest report for codeandsupply/supplybot: https://snyk.io/test/github/codeandsupply/supplybot --- .snyk | 28 ++++++++++++++++++++++++++++ package.json | 10 ++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..8b785784 --- /dev/null +++ b/.snyk 
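Review bot: `"snyk": "^1.36.2"` is added as a caret range on a tool that the new `prepublish` script executes and that rewrites files under `node_modules`, so whichever 1.x release resolves when the package is installed or published runs with the installing user's privileges. No lockfile is visible in this series; pinning an exact version (`"snyk": "1.36.2"`) or committing a lockfile keeps that step reproducible and reviewable. The same hunk also moves `hubot-slack` from `^3.4.2` to `^4.0.0`, a major-version change bundled into an automated security PR; the room check added to scripts/riddler_when_build_night.js in PATCH 04 and 05 depends on the adapter's message shape and should be retested against 4.x before merging.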
@@ -0,0 +1,28 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - hubot > express > connect > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > body-parser > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > compression > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > connect-timeout > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > send > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > express-session > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > finalhandler > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > morgan > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > serve-index > debug: + patched: '2017-09-28T05:53:04.958Z' + - hubot > express > connect > serve-static > send > debug: + patched: '2017-09-28T05:53:04.958Z' diff --git a/package.json b/package.json index cf6c1bbe..7fe30db8 100644 --- a/package.json +++ b/package.json @@ -21,9 +21,15 @@ "hubot-shipit": "^0.2.0", "hubot-slack": "^3.4.2", "lodash": "^4.12.0", - "node-schedule": "^1.2.0" + "node-schedule": "^1.2.0", + "snyk": "^1.41.1" }, "engines": { "node": "0.10.x" - } + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From f647e63b47ad9c5adf585e0d5a9f92249a7968fe Mon Sep 17 00:00:00 2001 
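Review bot: PATCH 07 is generated against the same base as PATCH 06 (package.json starts from `cf6c1bbe` in both, `"hubot-slack": "^3.4.2"` appears here as unchanged context, and `.snyk` is again created as a new file), so the two patches cannot both apply cleanly and one `.snyk` has to win. The index line in PATCH 08 (`8b785784..5756d81f`) shows that the 28-line file from this patch became the base, which means the `npm:ms:20170412` and `npm:negotiator:20160616` patch entries from PATCH 06 are no longer in the policy. When resolving the conflict, merge the `patch:` entries from both files instead of taking one side, and re-run the scan to confirm those two advisories are still covered.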
From: snyk-bot Date: Thu, 21 Jun 2018 08:42:32 +0000 Subject: [PATCH 08/10] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- .snyk | 11 ++++++++++- package.json | 5 +++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.snyk b/.snyk index 8b785784..5756d81f 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.7.1 +version: v1.12.0 ignore: {} # patches apply the minimum changes required to fix a vulnerability patch: @@ -26,3 +26,12 @@ patch: patched: '2017-09-28T05:53:04.958Z' - hubot > express > connect > serve-static > send > debug: patched: '2017-09-28T05:53:04.958Z' + 'npm:hoek:20180212': + - hubot-slack > @slack/client > request > hawk > hoek: + patched: '2018-06-21T08:42:28.287Z' + - hubot-slack > @slack/client > request > hawk > boom > hoek: + patched: '2018-06-21T08:42:28.287Z' + - hubot-slack > @slack/client > request > hawk > sntp > hoek: + patched: '2018-06-21T08:42:28.287Z' + - hubot-slack > @slack/client > request > hawk > cryptiles > boom > hoek: + patched: '2018-06-21T08:42:28.287Z' diff --git a/package.json b/package.json index 356cf05b..f1ef6fe3 100644 --- a/package.json +++ b/package.json @@ -22,14 +22,15 @@ "hubot-slack": "^4.0.0", "lodash": "^4.12.0", "node-schedule": "^1.2.0", - "snyk": "^1.41.1" + "snyk": "^1.83.0" }, "engines": { "node": "0.10.x" }, "scripts": { "snyk-protect": "snyk protect", - "prepublish": "npm run snyk-protect" + "prepublish": "npm run snyk-protect", + "prepare": "npm run snyk-protect" }, "snyk": true } From 83f4ca2b2de6eeb42e37ec511c611a01efca4af3 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 5 Jul 2018 08:38:08 +0000 Subject: [PATCH 09/10] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 --- .snyk | 3 +++ package.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.snyk b/.snyk index 5756d81f..7527db21 100644 --- a/.snyk +++ b/.snyk @@ -35,3 +35,6 @@ patch: patched: '2018-06-21T08:42:28.287Z' - hubot-slack > @slack/client > request > hawk > cryptiles > boom > hoek: patched: '2018-06-21T08:42:28.287Z' + 'npm:lodash:20180130': + - hubot-slack > lodash: + patched: '2018-07-05T08:38:07.105Z' diff --git a/package.json b/package.json index f1ef6fe3..cc802b41 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "hubot-slack": "^4.0.0", "lodash": "^4.12.0", "node-schedule": "^1.2.0", - "snyk": "^1.83.0" + "snyk": "^1.88.1" }, "engines": { "node": "0.10.x" From 4b1dddbbf0efeb8e50463219a5e0723d11d4e510 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 9 Aug 2018 08:40:02 +0000 Subject: [PATCH 10/10] fix: package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:qs:20170213 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index cc802b41..09347471 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "author": "Justin Reese ", "description": "A slackbot for Code & Supply", "dependencies": { - "hubot": "^2.19.0", + "hubot": "^3.1.0", "hubot-diagnostics": "0.0.1", "hubot-google-images": "^0.2.6", "hubot-google-translate": "^0.2.0",
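Review bot: In PATCH 10, `"hubot": "^3.1.0"` is a major-version jump, yet `"engines": { "node": "0.10.x" }` (visible as context in PATCH 06 through 09) is left unchanged; Hubot 3 is, as far as I know, written for Node 4 or later, so the declared runtime and the dependency should be moved together. Every `patch:` path in `.snyk` is keyed on the old tree (`hubot > express > connect > …`), and those entries may stop matching once the framework's own dependencies change, so the policy should be regenerated after the upgrade instead of carried over. The hunk covers only the top of the `dependencies` object.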