fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412
2018-11-29 09:34:30 +00:00 · 2018-11-29 09:34:30 +00:00 · 26cd3c388b
parent e76d571a8c
commit 26cd3c388b
2 changed files with 21 additions and 3 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - pkgcloud > liboneandone > mocha > debug:
+        patched: '2018-11-29T09:34:28.382Z'
+  'npm:minimatch:20160620':
+    - pkgcloud > liboneandone > mocha > glob > minimatch:
+        patched: '2018-11-29T09:34:28.382Z'
+  'npm:ms:20170412':
+    - pkgcloud > liboneandone > mocha > debug > ms:
+        patched: '2018-11-29T09:34:28.382Z'
--- a/package.json
+++ b/package.json
@ -9,7 +9,9 @@
  "scripts": {
    "lint": "eslint .",
    "test": "mocha --timeout 3000",
-    "posttest": "npm run lint"
+    "posttest": "npm run lint",
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
  },
  "dependencies": {
    "async": "^2.6.1",
@ -17,7 +19,8 @@
    "formidable": "^1.2.1",
    "pkgcloud": "^1.5.0",
    "strong-globalize": "^4.1.1",
-    "uuid": "^3.2.1"
+    "uuid": "^3.2.1",
+    "snyk": "^1.111.1"
  },
  "devDependencies": {
    "eslint": "^5.4.0",
@ -33,5 +36,6 @@
    "type": "git",
    "url": "https://github.com/strongloop/loopback-component-storage.git"
  },
-  "license": "Artistic-2.0"
+  "license": "Artistic-2.0",
+  "snyk": true
 }