fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:ms:20170412 Latest report for wikimedia/restbase: https://snyk.io/test/github/wikimedia/restbase
wikimedia · May 25, 2017 · 58a9a04 · 58a9a04
1 parent 0b89909
commit 58a9a04
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:ms:20170412':
+    - service-runner > limitation > kad > ms:
+        patched: '2017-05-25T23:29:03.997Z'
diff --git a/package.json b/package.json
@@ -8,7 +8,9 @@
     "start": "service-runner",
     "test": "sh test/utils/run_tests.sh test",
     "coverage": "sh test/utils/run_tests.sh coverage",
-    "coveralls": "cat ./coverage/lcov.info | coveralls"
+    "coveralls": "cat ./coverage/lcov.info | coveralls",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -43,7 +45,8 @@
     "hyperswitch": "^0.9.0",
     "jsonwebtoken": "^7.3.0",
     "mediawiki-title": "^0.5.6",
-    "entities": "^1.1.1"
+    "entities": "^1.1.1",
+    "snyk": "^1.30.1"
   },
   "devDependencies": {
     "ajv": "^4.11.2",
@@ -76,5 +79,6 @@
     "dependencies": {
       "_all": []
     }
-  }
+  },
+  "snyk": true
 }