fix: package.json, package-lock.json & .snyk to reduce vulnerabilities (

#219) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/npm:moment:20161019 - https://snyk.io/vuln/npm:moment:20170905 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:moment:20161019
eswdd · Jan 5, 2023 · 43d6d33 · 43d6d33
1 parent ceacc3e
commit 43d6d33
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 11 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:moment:20161019':
+    - faketsdb > nodetsdb-api > moment:
+        patched: '2023-01-05T11:35:58.155Z'
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -29,7 +29,9 @@
     "pretest": "./pretest.sh",
     "test-continuous": "karma start test/karma.conf.js",
     "test-coverage": "karma start test/karma.coverage.conf.js  --single-run",
-    "test": "karma start test/karma.conf.js  --single-run"
+    "test": "karma start test/karma.conf.js  --single-run",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
     "angular": "1.8.0",
@@ -52,9 +54,11 @@
     "express": "^4.16.2",
     "faketsdb": "^0.3.2",
     "long": "3.2.0",
-    "moment": "^2.12.0",
+    "moment": "^2.29.2",
     "ngclipboard": "^1.1.1",
     "protobufjs": "5.0.3",
-    "seedrandom": "^2.4.2"
-  }
+    "seedrandom": "^2.4.2",
+    "@snyk/protect": "latest"
+  },
+  "snyk": true
 }