diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..e318169 --- /dev/null +++ b/.snyk @@ -0,0 +1,28 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - hubot > express > connect > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > body-parser > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > compression > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > connect-timeout > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > send > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > express-session > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > finalhandler > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > morgan > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > serve-index > debug: + patched: '2017-09-28T03:28:12.897Z' + - hubot > express > connect > serve-static > send > debug: + patched: '2017-09-28T03:28:12.897Z' diff --git a/package.json b/package.json index 67f37ca..008d010 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "mongodb": "1.4.7", "ntwitter": "https://github.com/sebhildebrandt/ntwitter/tarball/master", "pg": "~0.10.2", - "request": "2.14.0", + "request": "2.50.0", "soupselect": "0.2.0", "timezone": "0.0.23", "twit": "latest", @@ -40,10 +40,16 @@ "xml2js": "0.4.1", "xmldom": "0.1.16", "xpath": "0.0.5", - "hubot-motivate": ">= 0.0.0" + "hubot-motivate": ">= 0.0.0", + "snyk": "^1.41.1" }, "engines": { "node": ">= 0.8.x", "npm": ">= 1.1.x" - } + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }