fix: .snyk & package.json to reduce vulnerabilities (#77)

snyk-bot · idanto · commit d6c3169ed16d · 2019-07-04T11:31:50.000+03:00
The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
diff --git a/.snyk b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - api-schema-builder > json-schema-deref-sync > lodash:
+        patched: '2019-07-04T04:52:25.335Z'
diff --git a/package.json b/package.json
@@ -32,7 +32,9 @@
     "test": "nyc node_modules/mocha/bin/_mocha --recursive ./test/*/*/*-test.js ./test/*/*-test.js ./test/*-test.js && npm run lint:types",
     "node6-test": "nyc node_modules/mocha/bin/_mocha --recursive ./test/express/*/*-test.js ./test/express/*-test.js ./test/*-test.js",
     "coveralls": "cat ./coverage/lcov.info | ./node_modules/.bin/coveralls",
-    "doctoc": "npm install -g doctoc && doctoc README.md"
+    "doctoc": "npm install -g doctoc && doctoc README.md",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -57,7 +59,8 @@
   "license": "Apache-2.0",
   "dependencies": {
     "api-schema-builder": "^1.0.9",
-    "memoizee": "^0.4.14"
+    "memoizee": "^0.4.14",
+    "snyk": "^1.189.0"
   },
   "devDependencies": {
     "@typescript-eslint/eslint-plugin": "^1.9.0",
@@ -93,5 +96,6 @@
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org/"
-  }
+  },
+  "snyk": true
 }
