From 5a5f64e7be386d577d3aee1d6df668948e4d5f5d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 4 Jul 2018 01:06:10 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 --- .snyk | 12 ++++++++++++ package.json | 10 +++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..95c796cf --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - kickoff-fluidVideo.css > release-it > repo-path-parse > dox > jsdoctypeparser > lodash: + patched: '2018-07-04T01:06:08.359Z' + - kickoff-utils.scss > release-it > repo-path-parse > dox > jsdoctypeparser > lodash: + patched: '2018-07-04T01:06:08.359Z' + - kickoff-grid.css > release-it > repo-path-parse > dox > jsdoctypeparser > lodash: + patched: '2018-07-04T01:06:08.359Z' diff --git a/package.json b/package.json index bb57eae7..09379337 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,9 @@ "release-patch": "release-it --non-interactive patch", "release-minor": "release-it --non-interactive minor", "release-major": "release-it --non-interactive major", - "release-premajor": "release-it premajor --prereleaseId=\"beta\"" + "release-premajor": "release-it premajor --prereleaseId=\"beta\"", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "repository": { "type": "git", @@ -67,7 +69,8 @@ "kickoff-welcome.js": "1.4.0", "lite-ready": "1.0.4", "normalize-scss": "6.0.0", - "svg4everybody": "2.1.8" + "svg4everybody": "2.1.8", + "snyk": "^1.88.1" }, "devDependencies": { "autoprefixer": "6.7.7", @@ -175,5 +178,6 @@ ], "max-empty-lines": 2 } - } + }, + "snyk": true }