From 3deab8e184947b7409b2ae76ce1721b80d285cc1 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 2 Jan 2017 16:17:40 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:uglify-js:20151024 Latest report for ethanresnick/json-api: https://snyk.io/test/github/ethanresnick/json-api Some vulnerabilities weren't fixed or ignored, and so will still fail the Snyk test report.
---
 .snyk | 8 ++++++++
 package.json | 11 +++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..277ac8e5
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:uglify-js:20151024':
+ - jade > transformers > uglify-js:
+ patched: '2017-01-02T16:17:40.328Z'
diff --git a/package.json b/package.json
index 73f1f6a4..89dc6a4f 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,8 @@
 "qs": "^5.2.0",
 "raw-body": "1.3.x",
 "url-template": "^2.0.4",
- "vary": "^1.0.0"
+ "vary": "^1.0.0",
+ "snyk": "^1.22.1"
 },
 "devDependencies": {
 "babel": "5.6.14",
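Review bot: `"snyk": "^1.22.1"` is added to `dependencies` rather than `devDependencies` (the hunk shows the block closing with `},` immediately before `"devDependencies": {`), so the Snyk CLI and its transitive packages become part of every consumer's install of this library. The only use visible in this patch is the `snyk-protect` script invoked from `prepublish` in the later scripts hunk, which suggests a build-time need. If that is the case, move the entry to `devDependencies` and pin it exactly, `"snyk": "1.22.1"`, since the caret range lets any later 1.x release execute during `prepublish` without review. If runtime placement is deliberate (for example so that `snyk protect` is available in installs that skip devDependencies), record the reason in the commit message or README, because package.json cannot carry a comment.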
@@ -51,10 +52,11 @@
 "express": "^4.0.0"
 },
 "scripts": {
- "prepublish": "make compile",
+ "prepublish": "npm run snyk-protect && make compile",
 "cover_local": "istanbul cover -x **/lib/** --report lcovonly ./node_modules/mocha/bin/_mocha -- ./build/test/integration/index.js $(find ./build/test/unit -name \"*.js\") > /dev/null",
 "cover_ci": "istanbul cover -x **/lib/** --report lcovonly ./node_modules/mocha/bin/_mocha -- -R dot ./build/test/integration/index.js $(find ./build/test/unit -name \"*.js\") && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage",
- "test": "./node_modules/mocha/bin/_mocha ./build/test/integration/index.js $(find ./build/test/unit -name \"*.js\")"
+ "test": "./node_modules/mocha/bin/_mocha ./build/test/integration/index.js $(find ./build/test/unit -name \"*.js\")",
+ "snyk-protect": "snyk protect"
 },
 "bugs": {
 "url": "https://github.com/ethanresnick/json-api/issues"
@@ -66,5 +68,6 @@
 "hypermedia",
 "rest",
 "restful"
- ]
+ ],
+ "snyk": true
 }
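Review bot: The new `prepublish` value, `npm run snyk-protect && make compile`, only patches files under `node_modules` in the checkout where the script runs, so the vulnerable uglify-js version stays in the dependency graph. Whether installs of the published package are affected depends on where `jade` is declared, which this hunk does not show; if it is a runtime dependency, consumers resolve `jade > transformers > uglify-js` themselves and presumably receive the unpatched copy. Treat the patch as a stopgap and track an upgrade or removal of the `jade` chain named in `.snyk` as the durable fix, since the commit message already states that other findings remain unfixed. Because the two steps are chained with `&&`, a failing `snyk protect` also blocks `make compile`; that fail-closed behaviour is reasonable but should be mentioned in the contributor docs so a broken publish is not worked around by dropping the step.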