fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:mime:20170907 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:marked:20170907 The following vulnerabilities are ignored: - https://snyk.io/vuln/npm:tunnel-agent:20170305 Latest report for city-of-helsinki/kerrokantasi-ui: https://snyk.io/test/github/city-of-helsinki/kerrokantasi-ui Some vulnerabilities weren't fixed or ignored, and so will still fail the Snyk test report.
City-of-Helsinki · Nov 21, 2017 · a7e555f · a7e555f
1 parent fafad49
commit a7e555f
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 5 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,16 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.8.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:tunnel-agent:20170305':
+    - node-sass > request > tunnel-agent:
+        reason: None given
+        expires: '2017-12-21T14:57:57.455Z'
+    - node-sass > request > tunnel-agent:
+        reason: None given
+        expires: '2017-12-21T14:57:57.455Z'
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:marked:20170907':
+    - markdown-loader > marked:
+        patched: '2017-11-21T14:57:57.457Z'
diff --git a/package.json b/package.json
@@ -10,7 +10,9 @@
     "lint:complexity": "eslint -c complexity.eslintrc.js --no-eslintrc src server",
     "test": "jest",
     "test:watch": "jest --watch",
-    "test:cov": "jest --coverage"
+    "test:cov": "jest --coverage",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -35,7 +37,7 @@
     "body-parser": "^1.17.2",
     "bootstrap-sass": "^3.3.7",
     "classnames": "^2.2.3",
-    "codecov": "^2.3.0",
+    "codecov": "^3.0.0",
     "connect-history-api-fallback": "^1.1.0",
     "cookie-parser": "^1.4.0",
     "cookie-session": "^2.0.0-alpha.1",
@@ -110,13 +112,14 @@
     "scrolltop": "0.0.1",
     "style-loader": "^0.18.2",
     "updeep": "^0.16.0",
-    "url-loader": "^0.5.9",
+    "url-loader": "^0.6.0",
     "url-parse": "^1.1.9",
     "uuid": "^3.1.0",
     "webpack": "^3.6.0",
     "webpack-dev-middleware": "^1.2.0",
     "webpack-hot-middleware": "^2.4.1",
-    "webpack-merge": "^4.1.0"
+    "webpack-merge": "^4.1.0",
+    "snyk": "^1.49.4"
   },
   "devDependencies": {
     "babel-jest": "^16.0.0",
@@ -137,5 +140,6 @@
       "server/**/*.{js,jsx}",
       "src/**/*.{js,jsx}"
     ]
-  }
+  },
+  "snyk": true
 }