fix: .snyk, package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
cfpb · Jul 3, 2019 · 4ef33aa · 4ef33aa
1 parent 2538267
commit 4ef33aa
Show file tree

Hide file tree

Showing 3 changed files with 513 additions and 167 deletions.
diff --git a/.snyk b/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.12.0
+version: v1.13.5
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   'npm:minimatch:20160620':
@@ -137,3 +137,26 @@ patch:
         patched: '2016-08-09T00:11:35.413Z'
     - browser-sync > socket.io > engine.io > ws:
         patched: '2016-08-09T00:11:35.413Z'
+  SNYK-JS-LODASH-450202:
+    - snyk > snyk-nodejs-lockfile-parser > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > snyk-nuget-plugin > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > @snyk/dep-graph > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > inquirer > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > snyk-config > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > snyk-mvn-plugin > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > snyk-go-plugin > graphlib > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > snyk-nodejs-lockfile-parser > graphlib > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > snyk-php-plugin > @snyk/composer-lockfile-parser > lodash:
+        patched: '2019-07-03T23:29:39.528Z'
+    - snyk > @snyk/dep-graph > graphlib > lodash:
+        patched: '2019-07-03T23:29:39.528Z'