From 046ff909608d73510ccfedb8d12553d176885f91 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Wed, 3 Jul 2019 23:51:35 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 16 ++++++++++++++++ package.json | 10 +++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..daf7f889 --- /dev/null +++ b/.snyk @@ -0,0 +1,16 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - '@feathersjs/authentication-local > lodash': + patched: '2019-07-03T23:51:21.711Z' + - feathers-authentication-hooks > lodash: + patched: '2019-07-03T23:51:21.711Z' + - sequelize > lodash: + patched: '2019-07-03T23:51:21.711Z' + - '@feathersjs/socketio > @feathersjs/transport-commons > lodash': + patched: '2019-07-03T23:51:21.711Z' + - winston > async > lodash: + patched: '2019-07-03T23:51:21.711Z' diff --git a/package.json b/package.json index 43c88b60..d53b58fa 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,9 @@ "eslint": "eslint src/. test/. --config .eslintrc.json", "start": "node src/", "debug": "node --inspect src/", - "mocha": "mocha test/ --recursive --exit" + "mocha": "mocha test/ --recursive --exit", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "dependencies": { "@feathersjs/authentication": "^2.1.16", @@ -50,12 +52,14 @@ "sequelize": "^5.9.0", "serve-favicon": "^2.5.0", "uuid": "^3.3.2", - "winston": "^3.2.1" + "winston": "^3.2.1", + "snyk": "^1.189.0" }, "devDependencies": { "eslint": "^6.0.1", "mocha": "^6.1.4", "request": "^2.88.0", "request-promise": "^4.2.4" - } + }, + "snyk": true }