From 3962747ade3fee3f958c41a2384a0eb27b7ca761 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 4 Oct 2018 00:03:55 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:tunnel-agent:20170305 --- .snyk | 10 ++++++++++ package.json | 10 +++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..2152136 --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.12.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:tunnel-agent:20170305': + - gatsby-plugin-sharp > imagemin-mozjpeg > mozjpeg > bin-build > download > caw > tunnel-agent: + patched: '2018-10-04T00:03:54.176Z' + - gatsby-plugin-sharp > imagemin-mozjpeg > mozjpeg > bin-wrapper > download > caw > tunnel-agent: + patched: '2018-10-04T00:03:54.176Z' diff --git a/package.json b/package.json index dabfb8e..c5ce5f9 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,9 @@ "precommit": "lint-staged", "storybook": "start-storybook -p 9001 -c .storybook", "storybook:build": "build-storybook -c .storybook -o public/docs", - "codeclimate": "codeclimate-test-reporter < coverage/lcov.info" + "codeclimate": "codeclimate-test-reporter < coverage/lcov.info", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "dependencies": { "@types/lodash": "^4.14.63", @@ -62,7 +64,8 @@ "semantic-ui-react": "^0.74.2", "slash": "1.0.0", "ts-loader": "^2.3.7", - "typescript": "2.5.3" + "typescript": "2.5.3", + "snyk": "^1.100.1" }, "devDependencies": { "@storybook/addon-actions": "^3.2.14", @@ -165,5 +168,6 @@ }, "stylelint": { "extends": "stylelint-config-standard" - } + }, + "snyk": true }