Open jisoolee opened 4 years ago
@kirk7880 @krg7880 Could you take a look at my PR? Thank you for your time.
This will fix a number of snyk results
High sev: 7 Medium sev: 8
JISOOs-MacBook-Pro:json-schema-generator jisoolee@ca.ibm.com$ snyk test
Testing /Users/jisoolee@ca.ibm.com/develop/json-schema-generator...
Tested 74 dependencies for known issues, found 15 issues, 19 vulnerable paths.
Issues to fix by upgrading:
Upgrade mkdirp@0.5.1 to mkdirp@0.5.2 to fix
✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in minimist@0.0.8
introduced by mkdirp@0.5.1 > minimist@0.0.8 and 1 other path(s)
Upgrade request@2.83.0 to request@2.88.0 to fix
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-AJV-584908] in ajv@5.2.3
introduced by request@2.83.0 > har-validator@5.0.3 > ajv@5.2.3
Patchable issues:
Patch available for extend@3.0.1
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/npm:extend:20180424] in extend@3.0.1
introduced by request@2.83.0 > extend@3.0.1
Patch available for hoek@4.2.0
✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/npm:hoek:20180212] in hoek@4.2.0
introduced by request@2.83.0 > hawk@6.0.2 > hoek@4.2.0 and 3 other path(s)
Patch available for lodash@3.10.1
✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/npm:lodash:20180130] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
Patch available for stringstream@0.0.5
✗ Uninitialized Memory Exposure [Medium Severity][https://snyk.io/vuln/npm:stringstream:20180511] in stringstream@0.0.5
introduced by request@2.83.0 > stringstream@0.0.5
Issues with no direct upgrade or patch:
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-450202] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
This issue was fixed in versions: 4.17.12
✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-LODASH-567746] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
This issue was fixed in versions: 4.17.16
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-590103] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
This issue was fixed in versions: 4.17.20
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-608086] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
This issue was fixed in versions: 4.17.17
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-LODASH-73638] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
This issue was fixed in versions: 4.17.11
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-LODASH-73639] in lodash@3.10.1
introduced by dox@0.9.0 > jsdoctypeparser@1.2.0 > lodash@3.10.1
This issue was fixed in versions: 4.17.11
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438] in markdown-it@9.0.1
introduced by dox@0.9.0 > markdown-it@9.0.1
This issue was fixed in versions: 10.0.0
✗ Insecure Randomness [Medium Severity][https://snyk.io/vuln/npm:cryptiles:20180710] in cryptiles@3.1.2
introduced by request@2.83.0 > hawk@6.0.2 > cryptiles@3.1.2
This issue was fixed in versions: 3.1.3, 4.1.2
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/npm:sshpk:20180409] in sshpk@1.13.1
introduced by request@2.83.0 > http-signature@1.2.0 > sshpk@1.13.1
This issue was fixed in versions: 1.14.1
Organization: jisoolee
Package manager: npm
Target file: package.json
Project name: json-schema-generator
Open source: no
Project path: /Users/jisoolee@ca.ibm.com/develop/json-schema-generator
Licenses: enabled
Run `snyk wizard` to address these issues.
Medium sev: 1
JISOOs-MacBook-Pro:json-schema-generator jisoolee@ca.ibm.com$ snyk test
Testing /Users/jisoolee@ca.ibm.com/develop/json-schema-generator...
Tested 55 dependencies for known issues, found 1 issue, 1 vulnerable path.
Issues with no direct upgrade or patch:
✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in minimist@0.0.10
introduced by optimist@0.6.1 > minimist@0.0.10
This issue was fixed in versions: 0.2.1, 1.2.3
Organization: jisoolee
Package manager: npm
Target file: package-lock.json
Project name: json-schema-generator
Open source: no
Project path: /Users/jisoolee@ca.ibm.com/develop/json-schema-generator
Licenses: enabled
Run `snyk wizard` to address these issues.
Thank you in advance.
And could you release a new version after this is merged? Thank you in advance 🙇
@kirk7880 @krg7880 Is there any news for this? Thank you for your time.
@kirk7880 @krg7880 Could you please take a look at this PR?
@kirk7880 @krg7880 Any news for this?
I guess I have to update some dependencies for this..
@kirk7880 @krg7880 Could you take a look at this? This PR will resolve many snyk issues.
Hello @kirk7880 @krg7880, are there any updates?
Hi @kirk7880 @krg7880 , could you take a look at this PR?
Hi @kirk7880 @krg7880 , could you please update this? There are High Severity
issues which could be fixed by this update.
Hello, @kirk7880 @krg7880 . Could you take a look at this?
ref https://github.com/krg7880/json-schema-generator/issues/31
ref https://github.com/krg7880/json-schema-generator/issues/32