From cb79a55c66882a273f651b33256360dbb55091f8 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 27 Sep 2017 03:57:05 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:debug:20170905 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 Latest report for chicofos/api_jwt: https://snyk.io/test/github/chicofos/api_jwt --- .snyk | 14 ++++++++++++++ package.json | 12 ++++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..b696281 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:debug:20170905': + - mongoose > mquery > debug: + patched: '2017-09-27T03:57:05.490Z' + - swagger-node-express > express > connect > method-override > debug: + patched: '2017-09-27T03:57:05.490Z' + - swagger-node-express > express > connect > compression > debug: + patched: '2017-09-27T03:57:05.490Z' + - swagger-node-express > express > connect > serve-index > debug: + patched: '2017-09-27T03:57:05.490Z' diff --git a/package.json b/package.json index 29cf42d..4d56184 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,9 @@ "main": "app.js", "scripts": { "start": "node app.js", - "test": "echo \"Error: no test specified\" && exit 1" + "test": "echo \"Error: no test specified\" && exit 1", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -28,7 +30,9 @@ "jsonwebtoken": "^7.1.9", "mongoose": "^4.6.0", "morgan": "^1.8.2", - "swagger-node-express": "~2.0", - "minimist": "*" - } + "swagger-node-express": "~2.1.0", + "minimist": "*", + "snyk": "^1.41.1" + }, + "snyk": true }