From 698500e0183f1dc237e19021b1596396a0a6d4fd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 14 Apr 2020 21:58:47 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:node-uuid:20160328 --- .snyk | 14 ++++++++++++++ package.json | 10 +++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..950a8e07 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - foam2 > ace-builds > ace > debug: + patched: '2020-04-14T21:58:45.114Z' + 'npm:ms:20170412': + - foam2 > ace-builds > ace > debug > ms: + patched: '2020-04-14T21:58:45.114Z' + 'npm:node-uuid:20160328': + - foam2 > ace-builds > ace > node-uuid: + patched: '2020-04-14T21:58:45.114Z' diff --git a/package.json b/package.json index b3d50cec..4e8f374f 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,9 @@ "serve": "zsh scripts/serve.sh", "test": "npm run testNode && npm run testWeb", "testNode": "JASMINE_CONFIG_PATH=./config/jasmine.json jasmine", - "testWeb": "karma start ./config/karma.all.conf.js" + "testWeb": "karma start ./config/karma.all.conf.js", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -33,7 +35,8 @@ "foam2": "git://github.com/foam-framework/foam2.git", "jquery": "^3.2.1", "materialize-css": "^0.98.1", - "object-graph-js": "git://github.com/mdittmer/object-graph-js.git" + "object-graph-js": "git://github.com/mdittmer/object-graph-js.git", + "snyk": "^1.305.1" }, "devDependencies": { "babel-core": "^6.23.1", @@ -63,5 +66,6 @@ }, "eslintConfig": { "extends": "google" - } + }, + "snyk": true }