fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:qs:20170213 Latest report for punchcard-cms/runner: https://snyk.io/test/github/punchcard-cms/runner
punchcard-cms · Mar 20, 2017 · 7853ce0 · 7853ce0
1 parent 68dea22
commit 7853ce0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:qs:20170213':
+    - browser-sync > qs:
+        patched: '2017-03-20T09:13:52.739Z'
diff --git a/package.json b/package.json
@@ -12,7 +12,9 @@
     "ava:watch": "ava --watch | tap-diff",
     "coverage": "nyc report --reporter=text-lcov | coveralls",
     "semantic-release": "semantic-release pre && npm publish && semantic-release post",
-    "reparo": "reparo -b master"
+    "reparo": "reparo -b master",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -40,7 +42,8 @@
     "gulp-sourcemaps": "^1.1",
     "gulp-task-listing": "^1.0",
     "merge": "^1.2.0",
-    "run-sequence": "^1.2"
+    "run-sequence": "^1.2",
+    "snyk": "^1.25.2"
   },
   "devDependencies": {
     "ava": "^0.16",
@@ -80,5 +83,6 @@
   },
   "engines": {
     "node": "^6"
-  }
+  },
+  "snyk": true
 }