fix: goof/package.json, goof/package-lock.json & goof/.snyk to reduce…

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/SNYK-JS-MORGAN-72579
- https://snyk.io/vuln/npm:adm-zip:20180415
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:dustjs-linkedin:20160819
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:ejs:20161130
- https://snyk.io/vuln/npm:ejs:20161130-1
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:mongoose:20160116
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20140206
- https://snyk.io/vuln/npm:st:20171013
- https://snyk.io/vuln/npm:tunnel-agent:20170305


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:hawk:20160119
- https://snyk.io/vuln/npm:http-signature:20150122
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:request:20160119
- https://snyk.io/vuln/npm:tunnel-agent:20170305

goof/.snyk

@@ -0,0 +1,37 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - tap > tap-mocha-reporter > debug:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:hawk:20160119':
+    - tap > codecov.io > request > hawk:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:http-signature:20150122':
+    - tap > codecov.io > request > http-signature:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:mime:20170907':
+    - tap > codecov.io > request > form-data > mime:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:minimatch:20160620':
+    - tap > nyc > glob > minimatch:
+        patched: '2020-01-13T12:27:33.062Z'
+    - tap > nyc > rimraf > glob > minimatch:
+        patched: '2020-01-13T12:27:33.062Z'
+    - tap > nyc > spawn-wrap > rimraf > glob > minimatch:
+        patched: '2020-01-13T12:27:33.062Z'
+    - tap > nyc > istanbul > fileset > minimatch:
+        patched: '2020-01-13T12:27:33.062Z'
+    - tap > nyc > istanbul > fileset > glob > minimatch:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:ms:20170412':
+    - tap > tap-mocha-reporter > debug > ms:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:request:20160119':
+    - tap > codecov.io > request:
+        patched: '2020-01-13T12:27:33.062Z'
+  'npm:tunnel-agent:20170305':
+    - tap > codecov.io > request > tunnel-agent:
+        patched: '2020-01-13T12:27:33.062Z'