From f224058139ddaa7a251653804705165040ce7f95 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 Oct 2022 22:36:15 +0000 Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 8 ++++++++ package-lock.json | 5 +++++ package.json | 10 +++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..ad4fb6b --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - csvtojson > lodash: + patched: '2022-10-07T22:36:11.477Z' diff --git a/package-lock.json b/package-lock.json index 8640079..392c30a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4,6 +4,11 @@ "lockfileVersion": 1, "requires": true, "dependencies": { + "@snyk/protect": { + "version": "1.1025.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1025.0.tgz", + "integrity": "sha512-RK9tY2Aqujv5l9e/5nE4yiTilk8vxyB99VtJJ/6p9TZYhddCVQUUv+PNenhVVO3jkSD8/3gLWbPakIvQsFKynA==" + }, "accepts": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.5.tgz", diff --git a/package.json b/package.json index 4dae17c..bb9db6f 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,9 @@ "main": "health-codefather-api.js", "scripts": { "start": "node health-codefather-api.js", - "test": "echo \"Error: no test specified\" && exit 1" + "test": "echo \"Error: no test specified\" && exit 1", + "prepare": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "repository": { "type": "git", @@ -21,6 +23,8 @@ "body-parser": "^1.18.3", "cors": "^2.8.4", "csvtojson": "^2.0.8", - "express": "^4.16.3" - } + "express": "^4.16.3", + "@snyk/protect": "latest" + }, + "snyk": true }