From d90851f3456d95c07c4e436d552a1fcd8034b2f3 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 20 Jun 2018 08:29:12 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:hoek:20180212 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- .snyk | 14 ++++++++++++++ package.json | 12 ++++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..1a57bf8 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hoek:20180212': + - npm > node-gyp > request > hawk > hoek: + patched: '2018-06-20T08:29:11.089Z' + - npm > node-gyp > request > hawk > boom > hoek: + patched: '2018-06-20T08:29:11.089Z' + - npm > node-gyp > request > hawk > sntp > hoek: + patched: '2018-06-20T08:29:11.089Z' + - npm > node-gyp > request > hawk > cryptiles > boom > hoek: + patched: '2018-06-20T08:29:11.089Z' diff --git a/package.json b/package.json index d284dfa..87cdcd8 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,9 @@ "scripts": { "test": "npm run build && mocha", "build": "babel src -d dist --copy-files", - "prepublish": "npm run build" + "prepublish": "npm run build", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "repository": { "type": "git", @@ -32,12 +34,14 @@ "babel-regenerator-runtime": "^6.5.0", "install": "^0.8.9", "lancaster-stemmer": "^1.0.0", - "npm": "^4.5.0", + "npm": "^5.5.0", "snowball-german": "^1.0.0", "stemmer": "^1.0.0", - "underscore": "^1.8.3" + "underscore": "^1.8.3", + "snyk": "^1.83.0" }, "devDependencies": { "mocha": "^3.1.2" - } + }, + "snyk": true }