From d8ecc4a7b142a310b2f3953f0ff0df3c5922318d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 1 Mar 2017 12:29:31 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are ignored: - https://snyk.io/vuln/npm:unicode:20161219 Latest report for dsingleton/lastfm-export-journals: https://snyk.io/test/github/dsingleton/lastfm-export-journals --- .snyk | 9 +++++++++ package.json | 10 +++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..1a4ae1d --- /dev/null +++ b/.snyk @@ -0,0 +1,9 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.0 +# ignores vulnerabilities until expiry date; change duration by modifying expiry date +ignore: + 'npm:unicode:20161219': + - slug > unicode: + reason: None given + expires: '2017-03-31T12:29:29.522Z' +patch: {} diff --git a/package.json b/package.json index 8229a5e..56c2cec 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,9 @@ "description": "Export a Last.fm user's journals", "scripts": { "test": "mocha && standard", - "lint": "standard" + "lint": "standard", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "engines": { "nodejs": ">=6.0.0" @@ -29,7 +31,8 @@ "cheerio": "^0.22.0", "request": "^2.79.0", "slug": "^0.9.1", - "to-markdown": "^3.0.3" + "to-markdown": "^3.0.3", + "snyk": "^1.25.1" }, "standard": { "globals": [ @@ -39,5 +42,6 @@ "before", "after" ] - } + }, + "snyk": true }