From f88ab95ab687b7d21f240092be4fcfc632888a3e Mon Sep 17 00:00:00 2001 From: snyk-test Date: Thu, 4 Jul 2019 02:30:45 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ package.json | 10 +++++++--- 2 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..4dc7902 --- /dev/null +++ b/.snyk @@ -0,0 +1,48 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - zeronet-zite > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-id > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > peer-info > peer-id > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-info > peer-id > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-id > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > multihashing-async > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > libp2p-crypto > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > peer-info > peer-id > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-info > peer-id > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T02:30:35.405Z' + - zeronet-zite > zeronet-crypto > libp2p-secio > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T02:30:35.405Z' diff --git a/package.json b/package.json index d1bccf3..0ed3eee 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,9 @@ "release-minor": "aegir release --type minor", "release-major": "aegir release --type major", "coverage": "aegir coverage", - "coverage-publish": "aegir coverage -u" + "coverage-publish": "aegir coverage -u", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "keywords": [ "zeronet", @@ -34,7 +36,8 @@ "dependencies": { "express": "^4.16.2", "zeronet-common": "~0.3.0", - "zeronet-zite": "0.0.7" + "zeronet-zite": "0.0.7", + "snyk": "^1.189.0" }, "directories": { "test": "test", @@ -46,5 +49,6 @@ }, "contributors": [ "mkg20001 " - ] + ], + "snyk": true }