From 0ef8f6283724fd38fa7ee01a799e0f8e36b1d68c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 26 Sep 2017 06:44:05 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 Latest report for colinbdclark/flocking-midi-router: https://snyk.io/test/github/colinbdclark/flocking-midi-router --- .snyk | 20 ++++++++++++++++++++ package.json | 10 ++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..29c93c7 --- /dev/null +++ b/.snyk @@ -0,0 +1,20 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - gpii-launcher > kettle > express > debug: + patched: '2017-09-26T06:44:05.590Z' + - gpii-launcher > kettle > express > finalhandler > debug: + patched: '2017-09-26T06:44:05.590Z' + - gpii-launcher > kettle > express > send > debug: + patched: '2017-09-26T06:44:05.590Z' + - gpii-launcher > kettle > serve-static > send > debug: + patched: '2017-09-26T06:44:05.590Z' + - gpii-launcher > kettle > body-parser > debug: + patched: '2017-09-26T06:44:05.590Z' + - gpii-launcher > kettle > express-session > debug: + patched: '2017-09-26T06:44:05.590Z' + - gpii-launcher > kettle > express > serve-static > send > debug: + patched: '2017-09-26T06:44:05.590Z' diff --git a/package.json b/package.json index e8d2b74..1a01540 100644 --- a/package.json +++ b/package.json @@ -36,6 +36,12 @@ "flocking": "0.2.0-dev.20170206T221943Z.fb09a52", "gpii-launcher": "1.0.0-dev.20170207T102054Z.3d7b546", "infusion": "2.0.0", - "minimist": "1.2.0" - } + "minimist": "1.2.0", + "snyk": "^1.41.1" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }