From bef18470854fb4344dab420f4c813480f92649b8 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Tue, 9 Jul 2019 21:42:34 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 12 ++++++++++++ package.json | 14 +++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..b5ae31e --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - async > lodash: + patched: '2019-07-09T21:42:32.165Z' + - bunyan-console-stream > lodash: + patched: '2019-07-09T21:42:32.165Z' + - cloudant > async > lodash: + patched: '2019-07-09T21:42:32.165Z' diff --git a/package.json b/package.json index 0de17dd..fad9842 100644 --- a/package.json +++ b/package.json @@ -5,10 +5,12 @@ "main": "./lib/index", "author": "david_taieb@us.ibm.com", "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { - "type" : "git", - "url": "git+https://github.com/ibm-cds-labs/bluemix-helper-config.git" + "type": "git", + "url": "git+https://github.com/ibm-cds-labs/bluemix-helper-config.git" }, "keywords": [ "bluemix" @@ -16,17 +18,19 @@ "dependencies": { "when": "3.7.7", "async": "~2.1.4", - "cfenv": "*", + "cfenv": "*", "nconfig": "*", "lodash": "~3.9.3", "bunyan": "^1.3.2", "bunyan-console-stream": "^0.1.0", "moment": "^2.10.3", - "cloudant": "^1.0.0" + "cloudant": "^1.0.0", + "snyk": "^1.192.4" }, "devDependencies": { "mocha": "*" }, "license": "Apache-2.0", - "readmeFilename": "README.md" + "readmeFilename": "README.md", + "snyk": true }