From 9034b0f26f409b35ced73150588fe68cd18b1f07 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 5 Jul 2018 04:03:09 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 --- .snyk | 14 ++++++++++++++ package.json | 11 +++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..6d4e198 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - coffee-fmt > lodash: + patched: '2018-07-05T04:03:08.305Z' + - jscs > lodash: + patched: '2018-07-05T04:03:08.305Z' + - jscs > jscs-jsdoc > jsdoctypeparser > lodash: + patched: '2018-07-05T04:03:08.305Z' + - jscs > xmlbuilder > lodash: + patched: '2018-07-05T04:03:08.305Z' diff --git a/package.json b/package.json index 1209e2e..bf2aec3 100644 --- a/package.json +++ b/package.json @@ -218,7 +218,8 @@ "uuid": "^3.1.0", "which": "^1.3.0", "winston": "^2.4.0", - "yaml-front-matter": "3.4.1" + "yaml-front-matter": "3.4.1", + "snyk": "^1.88.1" }, "activationHooks": [ "core:loaded-shell-environment" @@ -455,11 +456,12 @@ "scripts": { "build-options": "node script/build-options.js", "docs": "npm run build-options && coffee docs/", - "prepare": "npm run docs", + "prepare": "npm run snyk-protect; npm run docs", "lint": "coffeelint src/ spec/", "code-docs": "codo && open docs/code/index.html", "pretest": "npm run lint", - "test": "atom --test spec" + "test": "atom --test spec", + "snyk-protect": "snyk protect" }, "config": { "next-update": { @@ -484,5 +486,6 @@ "underscore-plus", "prettydiff2" ] - } + }, + "snyk": true }