From 35cd46c6c871a26d4cf2267249bdeae5806e177a Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 3 Oct 2019 21:44:17 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131 --- .snyk | 10 ++++++++++ package.json | 13 +++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..fee9aba --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-HTTPSPROXYAGENT-469131: + - urllib > proxy-agent > https-proxy-agent: + patched: '2019-10-03T21:44:15.766Z' + - urllib > proxy-agent > pac-proxy-agent > https-proxy-agent: + patched: '2019-10-03T21:44:15.766Z' diff --git a/package.json b/package.json index 647e989..27313ac 100644 --- a/package.json +++ b/package.json @@ -12,11 +12,14 @@ "test-cov": "node --harmony node_modules/.bin/istanbul cover node_modules/.bin/_mocha -- -t 20000 -r should-http test/*.test.js", "test-travis": "node --harmony node_modules/.bin/istanbul cover node_modules/.bin/_mocha --report lcovonly -- -t 20000 -r should-http test/*.test.js", "jshint": "jshint .", - "autod": "autod -w --prefix '^'" + "autod": "autod -w --prefix '^'", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "dependencies": { "debug": "^2.6.7", - "urllib": "^2.22.0" + "urllib": "^2.22.0", + "snyk": "^1.230.5" }, "devDependencies": { "autod": "*", @@ -32,11 +35,13 @@ "url": "git://github.com/node-modules/restful-client.git" }, "keywords": [ - "restful-client", "restful" + "restful-client", + "restful" ], "engines": { "node": ">= 0.12.0" }, "author": "fengmk2 ", - "license": "MIT" + "license": "MIT", + "snyk": true }