fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412
2018-11-29 09:34:30 +00:00 · 2018-11-29 09:34:30 +00:00 · 26cd3c388b
parent e76d571a8c
commit 26cd3c388b
2 changed files with 21 additions and 3 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,14 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
 version: v1.13.1
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
  'npm:debug:20170905':
    - pkgcloud > liboneandone > mocha > debug:
        patched: '2018-11-29T09:34:28.382Z'
  'npm:minimatch:20160620':
    - pkgcloud > liboneandone > mocha > glob > minimatch:
        patched: '2018-11-29T09:34:28.382Z'
  'npm:ms:20170412':
    - pkgcloud > liboneandone > mocha > debug > ms:
        patched: '2018-11-29T09:34:28.382Z'
--- a/package.json
+++ b/package.json
@ -9,7 +9,9 @@
  "scripts": {
    "lint": "eslint .",
    "test": "mocha --timeout 3000",
-    "posttest": "npm run lint"
+    "posttest": "npm run lint",
    "snyk-protect": "snyk protect",
    "prepare": "npm run snyk-protect"
  },
  "dependencies": {
    "async": "^2.6.1",
@ -17,7 +19,8 @@
    "formidable": "^1.2.1",
    "pkgcloud": "^1.5.0",
    "strong-globalize": "^4.1.1",
-    "uuid": "^3.2.1"
+    "uuid": "^3.2.1",
    "snyk": "^1.111.1"
  },
  "devDependencies": {
    "eslint": "^5.4.0",
@ -33,5 +36,6 @@
    "type": "git",
    "url": "https://github.com/strongloop/loopback-component-storage.git"
  },
-  "license": "Artistic-2.0"
+  "license": "Artistic-2.0",
  "snyk": true
 }