[Snyk] Fix for 1 vulnerable dependencies (#221)

* fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-AXIOS-174505 * Update package.json
VoxaAI · Jun 10, 2019 · e2e931d · e2e931d
1 parent c0ef3d3
commit e2e931d
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,24 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.3
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-AXIOS-174505:
+    - google-auth-library > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - google-auth-library > gcp-metadata > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - google-auth-library > gtoken > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - actions-on-google > google-auth-library > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - actions-on-google > google-auth-library > gcp-metadata > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - actions-on-google > google-auth-library > gtoken > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - actions-on-google > googleapis > google-auth-library > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - actions-on-google > googleapis > google-auth-library > gcp-metadata > axios:
+        patched: '2019-05-06T08:44:01.173Z'
+    - actions-on-google > googleapis > google-auth-library > gtoken > axios:
+        patched: '2019-05-06T08:44:01.173Z'
diff --git a/package.json b/package.json
@@ -11,7 +11,9 @@
     "lint": "tslint --project tsconfig.json --config tslint.json ",
     "report": "nyc report --reporter=json && nyc report --reporter html && nyc report --reporter=lcov && nyc report --reporter=cobertura",
     "test": "mocha test/*.spec.* test/**/*.spec.*",
-    "test-ci": "nyc mocha --colors --reporter mocha-jenkins-reporter test test/*.spec.* test/**/*.spec.*"
+    "test-ci": "nyc mocha --colors --reporter mocha-jenkins-reporter test test/*.spec.* test/**/*.spec.*",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -55,7 +57,8 @@
     "request-promise": "^4.2.4",
     "striptags": "^3.1.1",
     "url-join": "^4.0.0",
-    "uuid": "^3.3.2"
+    "uuid": "^3.3.2",
+    "snyk": "^1.161.1"
   },
   "devDependencies": {
     "@types/chai": "^4.1.7",
@@ -85,5 +88,6 @@
   "bugs": {
     "url": "https://github.com/VoxaAI/voxa/issues"
   },
-  "homepage": "https://github.com/VoxaAI/voxa#readme"
+  "homepage": "https://github.com/VoxaAI/voxa#readme",
+  "snyk": true
 }