From 4fcad07647b92da2ce9a8ff82337b923632f7492 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 29 Sep 2017 22:20:12 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 Latest report for sethbergman/chrome-developer-channel: https://snyk.io/test/github/sethbergman/chrome-developer-channel --- .snyk | 14 ++++++++++++++ package.json | 10 +++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..72bd0b9 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - firebase-tools > @google-cloud/functions-emulator > body-parser > debug: + patched: '2017-09-29T22:20:12.203Z' + - firebase-tools > @google-cloud/functions-emulator > express > debug: + patched: '2017-09-29T22:20:12.203Z' + - firebase-tools > @google-cloud/functions-emulator > express > send > debug: + patched: '2017-09-29T22:20:12.203Z' + - firebase-tools > @google-cloud/functions-emulator > express > serve-static > send > debug: + patched: '2017-09-29T22:20:12.203Z' diff --git a/package.json b/package.json index 21013ec..629b42b 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,9 @@ "scripts": { "start": "./bin/snap", "serve": "bower install; firebase serve & babel -w public/scripts -s --retain-lines -d public/scripts-es5", - "test": "polymer test" + "test": "polymer test", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "repository": { "type": "git", @@ -34,6 +36,8 @@ "babel-cli": "^6.24.1", "babel-preset-es2015": "^6.24.1", "bower": "^1.8.0", - "firebase-tools": "^3.6.1" - } + "firebase-tools": "^3.6.1", + "snyk": "^1.41.1" + }, + "snyk": true }