fix: .snyk, package.json & package-lock.json to reduce vulnerabilities (#241)

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
2024-11-26 20:14:41 +01:00 · 2019-07-05 20:52:38 +03:00 · 2019-07-05 20:52:38 +03:00 · d6b19fdcb8
commit d6b19fdcb8
parent 3c31df4425
3 changed files with 1480 additions and 216 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - lodash:
+        patched: '2019-07-04T02:24:51.720Z'
+    - postcss-discard > lodash:
+        patched: '2019-07-04T02:24:51.720Z'
+    - jsdom > request-promise-native > request-promise-core > lodash:
+        patched: '2019-07-04T02:24:51.720Z'
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -5,7 +5,9 @@
  "main": "index.js",
  "scripts": {
    "test": "xo && jest --coverage",
-    "coveralls": "cat ./coverage/lcov.info | coveralls"
+    "coveralls": "cat ./coverage/lcov.info | coveralls",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
  },
  "files": [
    "index.js",
@ -48,7 +50,8 @@
    "reaver": "2.0.0",
    "resolve": "^1.11.0",
    "slash": "^3.0.0",
-    "uglify-js": "^3.6.0"
+    "uglify-js": "^3.6.0",
+    "snyk": "^1.189.0"
  },
  "devDependencies": {
    "coveralls": "^3.0.4",
@ -75,5 +78,6 @@
  },
  "engines": {
    "node": ">= 8"
-  }
+  },
+  "snyk": true
 }