fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
Kibibit · Jul 4, 2019 · fa0d669 · fa0d669
1 parent a198958
commit fa0d669
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - probot > @octokit/rest > lodash:
+        patched: '2019-07-04T04:25:31.085Z'
+    - probot > hbs > handlebars > async > lodash:
+        patched: '2019-07-04T04:25:31.085Z'
diff --git a/package.json b/package.json
@@ -26,7 +26,9 @@
     "travis-deploy-once": "travis-deploy-once",
     "semantic-release": "semantic-release",
     "contributors:add": "all-contributors add",
-    "contributors:generate": "all-contributors generate"
+    "contributors:generate": "all-contributors generate",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "release": {
     "plugins": [
@@ -58,7 +60,8 @@
     "probot": "^7.2.0",
     "tslint": "^5.11.0",
     "typescript": "^3.1.6",
-    "jsonfile": "^5.0.0"
+    "jsonfile": "^5.0.0",
+    "snyk": "^1.189.0"
   },
   "devDependencies": {
     "@commitlint/cli": "^7.2.1",
@@ -118,5 +121,6 @@
         }
       ]
     ]
-  }
+  },
+  "snyk": true
 }