From de12d31cce01b3c79492d1248c9090875032555a Mon Sep 17 00:00:00 2001 From: snyk-test Date: Thu, 4 Jul 2019 00:23:50 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- .snyk | 14 ++++++++++++++ package.json | 10 +++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 000000000..96ae023cb --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - gcloud > split-array-stream > async > lodash: + patched: '2019-07-04T00:23:48.586Z' + - gcloud > google-auto-auth > google-auth-library > request > form-data > async > lodash: + patched: '2019-07-04T00:23:48.586Z' + - gcloud > gce-images > google-auto-auth > google-auth-library > request > form-data > async > lodash: + patched: '2019-07-04T00:23:48.586Z' + - gcloud > gcs-resumable-upload > google-auto-auth > google-auth-library > request > form-data > async > lodash: + patched: '2019-07-04T00:23:48.586Z' diff --git a/package.json b/package.json index 5e3a0e04d..b9561daeb 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,9 @@ "author": "The AMP HTML Authors", "license": "Apache-2.0", "scripts": { - "start": "gulp serve" + "start": "gulp serve", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "dependencies": { "basscss": "^8.0.3", @@ -22,7 +24,8 @@ "compression": "^1.6.1", "connect": "^3.4.0", "express": "^4.13.4", - "gcloud": "^0.27.0" + "gcloud": "^0.27.0", + "snyk": "^1.189.0" }, "devDependencies": { "amphtml-validator": "^1.0.15", @@ -57,5 +60,6 @@ "string": "^3.3.1", "through2": "^2.0.1", "yargs": "^3.10.0" - } + }, + "snyk": true }