diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..1806c1d --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - bookshelf > lodash: + patched: '2019-07-05T05:44:29.699Z' + - checkit > lodash: + patched: '2019-07-05T05:44:29.699Z' + - knex > lodash: + patched: '2019-07-05T05:44:29.699Z' diff --git a/package.json b/package.json index 6b5b7b1..68024d7 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,9 @@ "start": "nodemon --exec babel-node --presets=es2015 index.js", "debug": "DEBUG=knex:bindings nodemon --inspect --exec babel-node --presets=es2015 index.js", "migrate-up": "DEBUG=knex:tx knex migrate:latest", - "migrate-down": "DEBUG=knex:tx knex migrate:rollback" + "migrate-down": "DEBUG=knex:tx knex migrate:rollback", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "author": "Raghav Garg ", "repository": { @@ -24,7 +26,8 @@ "jsonwebtoken": "^8.0.0", "knex": "^0.12.6", "mysql": "^2.13.0", - "validator": "^6.2.1" + "validator": "^6.2.1", + "snyk": "^1.192.0" }, "devDependencies": { "babel-cli": "^6.18.0", @@ -32,5 +35,6 @@ "babel-preset-env": "^1.1.5", "babel-preset-latest": "^6.22.0", "morgan": "^1.7.0" - } + }, + "snyk": true }