fix: .snyk & package.json to reduce vulnerabilities (#477)

snyk-bot · maxbeatty · commit f95351701c4c · 2018-10-08T16:31:53.000-07:00
The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130
diff --git a/.snyk b/.snyk
@@ -1,3 +1,8 @@
-version: v1.5.0
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
 ignore: {}
-patch: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - marky-markdown > highlights > first-mate-select-grammar > lodash:
+        patched: '2018-07-05T22:41:04.529Z'
diff --git a/package.json b/package.json
@@ -13,7 +13,8 @@
     "test-e2e": "lab -L -m 30000 -M 10000 test/e2e",
     "snyk-protect": "snyk protect",
     "deploy": "now",
-    "watch": "nodemon -e js,hbs server.js"
+    "watch": "nodemon -e js,hbs server.js",
+    "prepare": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -60,7 +61,8 @@
     "umzug": "2.0.1",
     "vision": "^4.1.1",
     "visionary": "^6.0.2",
-    "yar": "^8.1.1"
+    "yar": "^8.1.1",
+    "snyk": "^1.88.1"
   },
   "devDependencies": {
     "benchmark": "2.1.4",
@@ -89,8 +91,7 @@
     "proxyquire": "1.8.0",
     "saucelabs": "^1.3.0",
     "selenium-webdriver": "^3.6.0",
-    "sinon": "^4.4.5",
-    "snyk": "^1.70.0"
+    "sinon": "^4.4.5"
   },
   "snyk": true,
   "now": {
