From c0556c65f7738c44ca4db949414e7e3d23a9eda9 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 24 Oct 2018 04:48:24 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:tunnel-agent:20170305 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:tunnel-agent:20170305 --- .snyk | 12 ++++++++++++ package.json | 10 +++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 000000000..457e0d1d4 --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:tunnel-agent:20170305': + - gcloud > retry-request > request > tunnel-agent: + patched: '2018-10-24T04:48:23.151Z' + - gcloud > google-auto-auth > google-auth-library > request > tunnel-agent: + patched: '2018-10-24T04:48:23.151Z' + - gcloud > gce-images > google-auto-auth > google-auth-library > request > tunnel-agent: + patched: '2018-10-24T04:48:23.151Z' diff --git a/package.json b/package.json index 5e3a0e04d..e3733e3e9 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,9 @@ "author": "The AMP HTML Authors", "license": "Apache-2.0", "scripts": { - "start": "gulp serve" + "start": "gulp serve", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "dependencies": { "basscss": "^8.0.3", @@ -22,7 +24,8 @@ "compression": "^1.6.1", "connect": "^3.4.0", "express": "^4.13.4", - "gcloud": "^0.27.0" + "gcloud": "^0.36.0", + "snyk": "^1.104.2" }, "devDependencies": { "amphtml-validator": "^1.0.15", @@ -57,5 +60,6 @@ "string": "^3.3.1", "through2": "^2.0.1", "yargs": "^3.10.0" - } + }, + "snyk": true }