fix: package.json & .snyk to reduce vulnerabilities (#53)

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:marked:20170112 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:ws:20160920 Latest report for donmclean/riko: https://snyk.io/test/github/donmclean/riko Some vulnerabilities weren't fixed or ignored, and so will still fail the Snyk test report.
Donmclean · Jul 31, 2017 · 1ee9bdb · 1ee9bdb
1 parent 7492853
commit 1ee9bdb
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/.snyk b/.snyk
@@ -70,3 +70,25 @@ patch:
         patched: '2017-05-26T06:24:24.381Z'
     - browser-sync > serve-static > send > debug > ms:
         patched: '2017-05-26T06:24:24.381Z'
+  'npm:marked:20170112':
+    - webpack-notifier > node-notifier > cli-usage > marked:
+        patched: '2017-07-28T06:24:17.362Z'
+  'npm:minimatch:20160620':
+    - gulp > vinyl-fs > glob-stream > glob > minimatch:
+        patched: '2017-07-28T06:24:17.362Z'
+    - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch:
+        patched: '2017-07-28T06:24:17.362Z'
+    - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch:
+        patched: '2017-07-28T06:24:17.362Z'
+    - gulp > vinyl-fs > glob-stream > minimatch:
+        patched: '2017-07-28T06:24:17.362Z'
+  'npm:qs:20170213':
+    - browser-sync > qs:
+        patched: '2017-07-28T06:24:17.362Z'
+  'npm:ws:20160920':
+    - browser-sync > socket.io > socket.io-client > engine.io-client > ws:
+        patched: '2017-07-28T06:24:17.362Z'
+    - browser-sync > socket.io-client > engine.io-client > ws:
+        patched: '2017-07-28T06:24:17.362Z'
+    - browser-sync > socket.io > engine.io > ws:
+        patched: '2017-07-28T06:24:17.362Z'
diff --git a/package.json b/package.json
@@ -22,7 +22,8 @@
     "test-mocha": "mocha tests/riko-test-suite.spec.js --require babel-register --colors",
     "test-build": "npm run lint && babel-node ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha tests/riko-test-suite.spec.js --report html --report lcov -- -R spec",
     "test-coverage": "babel-node ./node_modules/.bin/istanbul cover ./node_modules/mocha/bin/_mocha tests/riko-test-suite.spec.js --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage",
-    "test": "sh test-complete.sh"
+    "test": "sh test-complete.sh",
+    "prepare": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -107,7 +108,7 @@
     "react-hot-loader": "3.0.0-beta.7",
     "sass-loader": "^5.0.1",
     "shelljs": "^0.7.8",
-    "snyk": "^1.31.0",
+    "snyk": "^1.37.0",
     "style-loader": "^0.13.1",
     "stylus": "^0.54.5",
     "stylus-loader": "^2.4.0",