From b51b035d7af5f12358bedcccdcf481d5848b10a1 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Wed, 3 Jul 2019 23:52:51 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 10 ++++++++++ package.json | 10 +++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..99a3b61 --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - async > lodash: + patched: '2019-07-03T23:52:49.517Z' + - mongoose > async > lodash: + patched: '2019-07-03T23:52:49.517Z' diff --git a/package.json b/package.json index 50b5f7c..5b19474 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,9 @@ "description": "Posts content to timeline if post contains a certain hashtag.", "main": "app.js", "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" + "test": "echo \"Error: no test specified\" && exit 1", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -19,6 +21,8 @@ "dependencies": { "async": "^2.1.4", "fb": "^1.1.1", - "mongoose": "^4.8.1" - } + "mongoose": "^4.8.1", + "snyk": "^1.189.0" + }, + "snyk": true }