From d616d254a818544692caf374cf73d0685c9f95bd Mon Sep 17 00:00:00 2001 From: snyk-test Date: Tue, 9 Jul 2019 23:50:13 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 7 ++++++- package.json | 9 ++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.snyk b/.snyk index 7404b70..360cb3b 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.7.0 +version: v1.13.5 ignore: {} # patches apply the minimum changes required to fix a vulnerability patch: @@ -9,4 +9,9 @@ patch: 'npm:ms:20170412': - morgan > debug > ms: patched: '2017-05-23T23:37:05.011Z' + SNYK-JS-LODASH-450202: + - snyk > snyk-mvn-plugin > lodash: + patched: '2019-07-09T23:50:11.972Z' + - snyk > snyk-php-plugin > @snyk/composer-lockfile-parser > lodash: + patched: '2019-07-09T23:50:11.972Z' fix: package.json & .snyk to reduce vulnerabilities diff --git a/package.json b/package.json index 374b014..0459341 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,9 @@ "develop": "nodemon -w ./server -w index.js -w environment.js --exec npm start", "lint": "eslint --fix ./server ./test", "monitor": "nodemon index.js", - "start": "node index.js" + "start": "node index.js", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -36,7 +38,7 @@ "node-uuid": "^1.4.7", "request": "^2.72.0", "serve-favicon": "~2.4.3", - "snyk": "^1.30.1" + "snyk": "^1.192.4" }, "devDependencies": { "babel-eslint": "^6.0.4", @@ -61,5 +63,6 @@ "engines": { "node": "^4.3.2", "npm": "^3.9.5" - } + }, + "snyk": true }