diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..a79800a --- /dev/null +++ b/.snyk @@ -0,0 +1,16 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:ms:20170412': + - cloudant > debug > ms: + patched: '2017-05-23T07:20:11.648Z' + - bluemix-helper-config > cloudant > debug > ms: + patched: '2017-05-23T07:20:11.648Z' + - bluemix-helper-sso > bluemix-helper-config > cloudant > debug > ms: + patched: '2017-05-23T07:20:11.648Z' + - bluemix-helper-sso > express-session > debug > ms: + patched: '2017-05-23T07:20:11.648Z' + - morgan > debug > ms: + patched: '2017-05-23T07:20:11.648Z' diff --git a/package.json b/package.json index 0d9d93b..075e78e 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,9 @@ "description": "Real time dashboard for the Twitter Sentiment analysis using Spark Streaming and Watson", "main": "server.js", "scripts": { - "postinstall": "node ./node_modules/bower/bin/bower cache clean && node ./node_modules/bower/bin/bower install" + "postinstall": "node ./node_modules/bower/bin/bower cache clean && node ./node_modules/bower/bin/bower install", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -29,11 +31,11 @@ "cloudant": "^1.0.0", "cookie-parser": "~1.3.5", "d3": "<=3.5.0", - "debug": "~2.0.0", + "debug": "~2.6.7", "dotenv": "^1.2.0", "errorhandler": "~1.3.6", "express": "^4.10.6", - "express-session": "1.11.3", + "express-session": "1.15.3", "jsonfile": "^2.2.1", "jws": "0.2.5", "lodash": "~3.9.3", @@ -52,12 +54,14 @@ "superagent": "^1.4.0", "superagent-bluebird-promise": "^2.1.0", "when": "~3.7.3", - "ws": "~0.7.2" + "ws": "~0.7.2", + "snyk": "^1.30.1" }, "devDependencies": { "mocha": "*" }, "author": "david_taieb@us.ibm.com", "license": "Apache-2.0", - "readmeFilename": "README.md" + "readmeFilename": "README.md", + "snyk": true }