diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..7f6224d
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,44 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - react-instantsearch-dom > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/core > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > autodll-webpack-plugin > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > webpackbar > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > write-file-webpack-plugin > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - react-instantsearch-dom > algoliasearch-helper > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - react-instantsearch-dom > react-instantsearch-core > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-block-scoping > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > autodll-webpack-plugin > webpack-merge > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > styled-jsx > babel-types > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > webpackbar > consola > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > webpackbar > table > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - react-instantsearch-dom > react-instantsearch-core > algoliasearch-helper > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-modules-umd > @babel/helper-module-transforms > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-unicode-regex > @babel/helper-create-regexp-features-plugin > @babel/helper-regex > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/generator > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
+ - next > @babel/preset-env > @babel/plugin-transform-exponentiation-operator > @babel/helper-builder-binary-assignment-operator-visitor > @babel/helper-explode-assignable-expression > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash:
+ patched: '2020-05-01T02:17:34.792Z'
diff --git a/package.json b/package.json
index 9e66aaf..95e14e6 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,9 @@
 "offline": "next build && serverless offline start",
 "deploy": "npm run build && serverless deploy",
 "deploy-prod": "npm run build && serverless deploy --stage prod",
- "test": "jest"
+ "test": "jest",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "dependencies": {
 "@material-ui/core": "3.5.1",
@@ -37,7 +39,8 @@
 "react-parallax": "^2.0.1",
 "serverless-apigw-binary": "^0.4.4",
 "serverless-domain-manager": "^2.6.10",
- "striptags": "^3.1.1"
+ "striptags": "^3.1.1",
+ "snyk": "^1.316.1"
 },
 "devDependencies": {
 "@babel/core": "^7.1.2",
@@ -49,5 +52,6 @@
 "react-addons-test-utils": "15.6.2",
 "react-test-renderer": "16.4.2",
 "serverless-offline": "^3.31.3"
- }
+ },
+ "snyk": true
 }
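Review bot: All 19 `patch` entries in the new `.snyk` file resolve through just two direct dependencies, `next` and `react-instantsearch-dom`, and nothing in the file records why lodash is patched in place rather than upgraded. A Snyk patch rewrites files under `node_modules` after install, so it protects only the environments where `snyk protect` actually ran. I would add a comment above `patch:` such as `# temporary: remove once next and react-instantsearch-dom resolve to a fixed lodash`, so the entries are revisited instead of becoming permanent.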
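Review bot: The lodash patches are applied only through the `prepublish` hook added in the first `package.json` hunk, while the `deploy` and `deploy-prod` scripts in the same hunk never call `snyk-protect` themselves. `prepublish` is a deprecated lifecycle hook whose trigger depends on the npm version, and an install run with `--ignore-scripts` skips it, so a deploy could package unpatched lodash without any error. Calling the step explicitly makes it visible and fail-loud, for example `"deploy": "npm run snyk-protect && npm run build && serverless deploy",` and the same prefix for `deploy-prod`. The `scripts` object starts above the hunk, so the `build` script itself is not visible here.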
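Review bot: `snyk` is added under `dependencies` with a caret range in the second `package.json` hunk, so the CLI and its transitive packages join the production install and presumably the artifact that `serverless deploy` packages. The tool is needed only at install or build time to apply the `.snyk` patches. If the build environment installs devDependencies, the entry `"snyk": "^1.316.1"` could move under `"devDependencies"`, keeping the deployed dependency set smaller. If it must stay in `dependencies` so that production installs can run the hook, an exact pin such as `"snyk": "1.316.1"` would at least make the install-time tool reproducible.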