From c69d2a941ed83de4991065b3a0c3675cb98c2a78 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 26 May 2017 05:59:05 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:ms:20170412 Latest report for naramsim/pokebot: https://snyk.io/test/github/naramsim/pokebot --- .snyk | 12 ++++++++++++ package.json | 10 +++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..e66f12f --- /dev/null +++ b/.snyk @@ -0,0 +1,12 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:ms:20170412': + - now-logs > socket.io-client > debug > ms: + patched: '2017-05-26T05:59:05.326Z' + - now-logs > socket.io-client > engine.io-client > debug > ms: + patched: '2017-05-26T05:59:05.326Z' + - now-logs > socket.io-client > socket.io-parser > debug > ms: + patched: '2017-05-26T05:59:05.326Z' diff --git a/package.json b/package.json index 74ae0bf..462084f 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,9 @@ "debug": "node start.js", "start": "node start.js", "ngrok": "ngrok http 8080", - "now-deploy": "now -e POKEBOT_TOKEN=@pokebot_token -e POKEBOT_VERIFY=@pokebot_verify -e POKEBOT_APP_SECRET=@pokebot_app_secret -e LOG_TOKEN=@log_token" + "now-deploy": "now -e POKEBOT_TOKEN=@pokebot_token -e POKEBOT_VERIFY=@pokebot_verify -e POKEBOT_APP_SECRET=@pokebot_app_secret -e LOG_TOKEN=@log_token", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "keywords": [ "PokeBot", @@ -31,6 +33,8 @@ "now-logs": "0.0.7", "pokemon-go-iv-calculator": "^0.3.2", "request": "^2.74.0", - "request-promise": "^4.1.0" - } + "request-promise": "^4.1.0", + "snyk": "^1.30.1" + }, + "snyk": true }