From 6581bfaccbab0d7073027df5e06f9c5739c0c1fd Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 17 Dec 2017 11:36:43 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20170412 Latest report for domojs/core: https://snyk.io/test/github/domojs/core --- .snyk | 39 +++++++++++++++++++++++++++++++++++++++ package.json | 10 +++++++--- 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..600c863 --- /dev/null +++ b/.snyk @@ -0,0 +1,39 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.10.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - '@akala/server > server-static > socket.io > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-adapter > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-client > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-client > engine.io-client > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-parser > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-adapter > socket.io-parser > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-client > socket.io-parser > debug': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > engine.io > debug': + patched: '2017-12-17T11:36:43.181Z' + 'npm:ms:20170412': + - '@akala/server > server-static > socket.io > socket.io-client > socket.io-parser > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > engine.io > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-adapter > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-client > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-client > engine.io-client > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-parser > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > socket.io-adapter > socket.io-parser > debug > ms': + patched: '2017-12-17T11:36:43.181Z' + - '@akala/server > server-static > socket.io > debug > ms': + patched: '2017-12-17T11:36:43.181Z' diff --git a/package.json b/package.json index 6dfd2b1..e83e961 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,8 @@ "@akala/json-rpc-ws": "^4.1.11", "@akala/server": "^1.0.43", "@akala/client": "^1.0.9", - "send": "^0.16.1" + "send": "^0.16.1", + "snyk": "^1.59.1" }, "devDependencies": { "@types/request": "^2.0.5", @@ -18,8 +19,11 @@ "name": "@akala-modules/core", "scripts": { "test": "echo \"Error: no test specified\" && exit 1", - "prepublishOnly": "tsc -p src" + "prepublishOnly": "tsc -p src", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "typings": "dist/index.d.ts", - "version": "1.0.25" + "version": "1.0.25", + "snyk": true } \ No newline at end of file