fix: .snyk, package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
snyk-test committed Jul 9, 2019
1 parent ad9fd66 commit 5fddd70
Showing 3 changed files with 1,616 additions and 191 deletions.
12 changes: 12 additions & 0 deletions .snyk
@@ -0,0 +1,12 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.13.5
ignore: {}
# patches apply the minimum changes required to fix a vulnerability
patch:
SNYK-JS-LODASH-450202:
- pug > pug-code-gen > constantinople > babel-types > lodash:
patched: '2019-07-09T23:45:28.701Z'
- pug > pug-filters > constantinople > babel-types > lodash:
patched: '2019-07-09T23:45:28.701Z'
- pug > pug-code-gen > pug-attrs > constantinople > babel-types > lodash:
patched: '2019-07-09T23:45:28.701Z'
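
Review bot: The three entries under `SNYK-JS-LODASH-450202` are keyed by exact dependency path, all ending in `constantinople > babel-types > lodash`, so the fix covers only those paths and only where the Snyk patch step actually runs at install time. A lodash copy reached through any other path, or an install that skips the patch step, stays unpatched, and nothing in this file shows that. Prefer upgrading the dependency that pulls in the affected lodash to a release that contains the fix, and treat this policy as a stopgap: add a comment next to `patch:` saying when it can be removed. `ignore: {}` being empty is good; keep it that way so the policy cannot silently suppress findings.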

1 comment on commit 5fddd70

@krohrsb

https://support.snyk.io/hc/en-us/articles/360000897937-Why-is-Snyk-added-into-my-production-dependencies-

Maybe make it a Dev dependency? That way consumers via npm won't get it in their tree.
