fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
killmenot · Jul 4, 2019 · 3db4bbf · 3db4bbf
1 parent 402edb0
commit 3db4bbf
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - restify-clients > lodash:
+        patched: '2019-07-04T05:59:19.221Z'
+    - restify-clients > restify-errors > lodash:
+        patched: '2019-07-04T05:59:19.221Z'
+    - restify-clients > restify-errors > @netflix/nerror > lodash:
+        patched: '2019-07-04T05:59:19.221Z'
diff --git a/package.json b/package.json
@@ -16,7 +16,9 @@
     "lint": "eslint examples src test",
     "test": "mocha test/* --recursive",
     "coverage": "nyc --reporter=html --reporter=text mocha test/* --recursive",
-    "coveralls": "nyc report --reporter=text-lcov | coveralls"
+    "coveralls": "nyc report --reporter=text-lcov | coveralls",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "nyc": {
     "all": true,
@@ -44,7 +46,8 @@
   "dependencies": {
     "debug": "^4.1.1",
     "hooker": "^0.2.3",
-    "restify-clients": "^2.6.6"
+    "restify-clients": "^2.6.6",
+    "snyk": "^1.189.0"
   },
   "devDependencies": {
     "@babel/cli": "^7.4.4",
@@ -61,5 +64,6 @@
     "restify": "^8.3.2",
     "sinon": "^7.3.2",
     "sinon-chai": "^3.3.0"
-  }
+  },
+  "snyk": true
 }