From f37e2412c05e617ac1097c51a05c4506f940332b Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 10:16:49 +0300 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index b16119fc..a616499a 100644 --- a/package.json +++ b/package.json @@ -22,14 +22,17 @@ "spellcheck": "npx gulp spellcheck", "start": "ts-node ./src/index.ts", "tsc": "gulp tsc", - "tslint": "gulp tslint" + "tslint": "gulp tslint", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "dependencies": { "cassandra-driver": "~3.5.0", "dav-js": "github:DAVFoundation/dav-js", "express": "~4.16.4", "kafka-node": "~2.6.1", - "rxjs": "~5.5.12" + "rxjs": "~5.5.12", + "snyk": "^1.316.1" }, "devDependencies": { "@types/cassandra-driver": "~3.4.0", @@ -51,5 +54,6 @@ "ts-node": "~8.0.3", "tslint": "~5.15.0", "typescript": "~3.4.2" - } + }, + "snyk": true } From 66f2c9ea2960b447595c982e094c8de995bb2a1d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 May 2020 10:16:50 +0300 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..f86865ef --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - kafka-node > lodash: + patched: '2020-05-01T07:16:46.478Z' + - kafka-node > async > lodash: + patched: '2020-05-01T07:16:46.478Z'