diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..5d36881 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - lodash: + patched: '2019-07-08T00:58:39.493Z' diff --git a/package.json b/package.json index 837e87b..e4445cb 100644 --- a/package.json +++ b/package.json @@ -6,7 +6,9 @@ "scripts": { "test": "npm run build-test && gulp check", "build-test": "rm -f test/gen-lib/* && babel test/src -d test/gen-lib", - "coverage": "npm run build-test && gulp test-cov" + "coverage": "npm run build-test && gulp test-cov", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -37,6 +39,8 @@ "redux": "^3.5.2" }, "dependencies": { - "lodash": "^4.13.1" - } + "lodash": "^4.13.1", + "snyk": "^1.192.3" + }, + "snyk": true }