From 52e23a70d8c0e6aeb93cfdb37194c4ab4b4bcbfb Mon Sep 17 00:00:00 2001 From: snyk-test Date: Thu, 4 Jul 2019 01:27:08 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ package.json | 10 +++++++--- 2 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..2c29eb1 --- /dev/null +++ b/.snyk @@ -0,0 +1,48 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - zeronet-crypto > libp2p-secio > peer-info > peer-id > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-id > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - peer-info > peer-id > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > libp2p-crypto > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-info > peer-id > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-id > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > multihashing-async > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - peer-info > peer-id > lodash: + patched: '2019-07-04T01:27:06.695Z' + - peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-info > peer-id > libp2p-crypto > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-info > peer-id > libp2p-crypto > multihashing-async > async > lodash: + patched: '2019-07-04T01:27:06.695Z' + - zeronet-crypto > libp2p-secio > peer-info > peer-id > libp2p-crypto > libp2p-crypto-secp256k1 > async > lodash: + patched: '2019-07-04T01:27:06.695Z' diff --git a/package.json b/package.json index 7f2c942..c1b58c0 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,9 @@ "release-minor": "aegir release --type minor", "release-major": "aegir release --type major", "coverage": "aegir coverage", - "coverage-publish": "aegir coverage -u" + "coverage-publish": "aegir coverage -u", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "keywords": [ "zeronet", @@ -47,7 +49,8 @@ "uuid": "^3.2.1", "zeronet-common": "~0.3.0", "zeronet-crypto": "~0.2.1", - "zeronet-fallaby": "0.0.2" + "zeronet-fallaby": "0.0.2", + "snyk": "^1.189.0" }, "devDependencies": { "aegir": "^13.0.5" @@ -55,5 +58,6 @@ "contributors": [ "kustomzone ", "mkg20001 " - ] + ], + "snyk": true }