From 217bf61567920231360558bca42f21466cc074eb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 25 Mar 2022 19:06:55 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 8 ++++++++ package-lock.json | 5 +++++ package.json | 10 +++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..0883896 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.22.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - csvtojson > lodash: + patched: '2022-03-25T19:06:29.183Z' diff --git a/package-lock.json b/package-lock.json index 8640079..b1bda56 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4,6 +4,11 @@ "lockfileVersion": 1, "requires": true, "dependencies": { + "@snyk/protect": { + "version": "1.883.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz", + "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==" + }, "accepts": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.5.tgz", diff --git a/package.json b/package.json index 4dae17c..bb9db6f 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,9 @@ "main": "health-codefather-api.js", "scripts": { "start": "node health-codefather-api.js", - "test": "echo \"Error: no test specified\" && exit 1" + "test": "echo \"Error: no test specified\" && exit 1", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "repository": { "type": "git", @@ -21,6 +23,8 @@ "body-parser": "^1.18.3", "cors": "^2.8.4", "csvtojson": "^2.0.8", - "express": "^4.16.3" - } + "express": "^4.16.3", + "@snyk/protect": "latest" + }, + "snyk": true }