diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..e6403fa
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - '@oada/oada-cache > @oada/oada-id-client > jwt-bearer-client-auth > @oada/oada-certs > inquirer > lodash':
+ patched: '2022-03-25T21:45:09.194Z'
diff --git a/package.json b/package.json
index 6d1b044..473e89c 100644
--- a/package.json
+++ b/package.json
@@ -7,10 +7,11 @@
 "scripts": {
 "test": "mocha -w --require @babel/register test/**/*.test.js",
 "build": "babel src --out-dir build",
- "prepare": "npm run build",
+ "prepare": "yarn run snyk-protect && npm run build",
 "prettier": "prettier --write 'src/**/*.js'",
 "build-watch": "babel --watch src --out-dir ./",
- "dev": "cpx \"*.js\" $APP_DIR/node_modules/@oada/cerebral-module/ --watch --verbose"
+ "dev": "cpx \"*.js\" $APP_DIR/node_modules/@oada/cerebral-module/ --watch --verbose",
+ "snyk-protect": "snyk-protect"
 },
 "author": "oada",
 "license": "Apache-2.0",
@@ -20,7 +21,8 @@
 "fs": "^0.0.1-security",
 "lodash": "^4.17.15",
 "url": "^0.11.0",
- "uuid": "^7.0.3"
+ "uuid": "^7.0.3",
+ "@snyk/protect": "latest"
 },
 "peerDependencies": {
 "cerebral": "^5.2.1"
@@ -35,5 +37,6 @@
 "prettier": "2.0.2",
 "chai": "^4.1.2",
 "assert": "^1.4.1"
- }
+ },
+ "snyk": true
 }
diff --git a/yarn.lock b/yarn.lock
index 2306d9f..c07f38a 100644
--- a/yarn.lock
+++ b/yarn.lock
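Review bot: The `patch:` entry for SNYK-JS-LODASH-567746 names a single dependency path (`… > inquirer > lodash`) and records no reason or removal condition, so nothing tells a later maintainer when this stopgap can go. The package also declares `lodash` `^4.17.15` directly in package.json; whether that copy resolves to an affected release cannot be told from this diff and should be checked separately, since this entry does not mention it. I would add a comment above the entry, `# TODO: remove once inquirer's lodash resolves to a fixed release; re-run snyk test after dependency changes`, and prefer a version bump or a yarn `resolutions` entry over install-time patching where one is available.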
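Review bot: The new `prepare` script in the first package.json hunk runs `yarn run snyk-protect` and then `npm run build`, so it needs both package managers on the PATH and breaks for anyone who installs with npm alone. Keeping it to one tool is enough: `"prepare": "npm run snyk-protect && npm run build"`. Because of the `&&`, a failing patch step also stops the build; that is the safer direction, but it is worth confirming that CI and restricted-network installs can actually run `snyk-protect`.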
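Review bot: `"@snyk/protect": "latest"` in the second package.json hunk is a dist-tag rather than a version range, so the tool that modifies node_modules during `prepare` is whatever release is newest whenever the lockfile is regenerated or not honoured. The yarn.lock hunk in this same commit records the entry as `@snyk/protect@^1.883.0`, which does not match `latest`, so yarn will probably treat the lockfile as stale. Pin the manifest to the locked range: `"@snyk/protect": "^1.883.0"`. It is also listed under `dependencies`, which means consumers of this package install it too; if it is only needed for `prepare`, `devDependencies` may fit better, to be confirmed against how the package is consumed.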
@@ -851,6 +851,11 @@ superagent "^5.2.2" urijs "^1.18.12" +"@snyk/protect@^1.883.0": + version "1.883.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.883.0.tgz#048015d4e0f1c18b6abc7e2773b6374b620bd399" + integrity sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw== + "@types/color-name@^1.1.1": version "1.1.1" resolved "https://registry.yarnpkg.com/@types/color-name/-/color-name-1.1.1.tgz#1c1261bbeaa10a8055bbc5d8ab84b7b2afc846a0"