fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are ignored: - https://snyk.io/vuln/npm:growl:20160721 Latest report for mochajs/mocha: https://snyk.io/test/github/mochajs/mocha
mochajs · May 24, 2017 · ac75644 · ac75644
1 parent fc35691
commit ac75644
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,9 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:growl:20160721':
+    - growl:
+        reason: None given
+        expires: '2017-06-23T05:13:30.432Z'
+patch: {}
diff --git a/package.json b/package.json
@@ -304,7 +304,9 @@
     "precoverage": "rm -rf coverage",
     "coverage": "COVERAGE=true npm run test",
     "postcoverage": "istanbul-combine -d coverage -r lcov -r html coverage/reports/*/*.json",
-    "preversion": "make test && rm mocha.js && make mocha.js && git add mocha.js"
+    "preversion": "make test && rm mocha.js && make mocha.js && git add mocha.js",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "dependencies": {
     "browser-stdout": "1.3.0",
@@ -317,7 +319,8 @@
     "json3": "3.3.2",
     "lodash.create": "3.1.1",
     "mkdirp": "0.5.1",
-    "supports-color": "3.1.2"
+    "supports-color": "3.1.2",
+    "snyk": "^1.30.1"
   },
   "devDependencies": {
     "assert": "^1.4.1",
@@ -374,5 +377,6 @@
       "phantomjs",
       "lodash.create"
     ]
-  }
+  },
+  "snyk": true
 }