diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000..f02f7ae0
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - express-oauth-server > oauth2-server > lodash:
+ patched: '2022-06-06T14:57:24.390Z'
diff --git a/package.json b/package.json
index 20eb0e1a..8ce6932d 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,9 @@
 "doc:dev": "cd docs && bundle exec jekyll s --drafts",
 "migrate": "NODE_ENV=production sequelize db:migrate",
 "migrate:dev": "sequelize db:migrate",
- "build:wc": "cd webcomponents; yarn build:lib; cp dist/gancio-events.es.js ../wp-plugin/js/; cp dist/gancio-events.es.js ../assets/; cp dist/gancio-events.es.js ../docs/assets/js/"
+ "build:wc": "cd webcomponents; yarn build:lib; cp dist/gancio-events.es.js ../wp-plugin/js/; cp dist/gancio-events.es.js ../assets/; cp dist/gancio-events.es.js ../docs/assets/js/",
+ "prepare": "yarn run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "files": [
 "server/",
@@ -72,7 +74,8 @@
 "vuetify": "npm:@vuetify/nightly@dev",
 "winston": "^3.7.2",
 "winston-daily-rotate-file": "^4.7.1",
- "yargs": "^17.5.0"
+ "yargs": "^17.5.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "@nuxtjs/vuetify": "^1.12.3",
@@ -109,5 +112,6 @@
 "repository": {
 "type": "git",
 "url": "https://framagit.org/les/gancio"
- }
+ },
+ "snyk": true
 }
diff --git a/yarn.lock b/yarn.lock
index 543aa2c1..ac25fd3b 100644
--- a/yarn.lock
+++ b/yarn.lock
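Review bot: The `patch:` entry in `.snyk` is keyed to a single dependency path, `express-oauth-server > oauth2-server > lodash`, and nothing in the file records why patching was chosen over an upgrade or when the entry can be dropped. I would add a comment above the entry such as `# remove once oauth2-server resolves a lodash release without SNYK-JS-LODASH-567746`. If the Snyk tooling rewrites this file and discards comments, the same note belongs in the commit message or the install docs. Any other copy of lodash in the tree is not covered by this path; the hunk cannot show whether one exists, so that is worth confirming separately.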
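Review bot: The `"prepare": "yarn run snyk-protect"` line added to the `scripts` block of package.json makes the lodash fix depend on lifecycle scripts running, so an install with `--ignore-scripts` leaves the dependency unpatched and nothing reports it. Because snyk-protect edits files under node_modules after installation, the installed lodash also stops matching what yarn.lock and its integrity hashes describe. If a lodash release without the issue satisfies oauth2-server's range, a `resolutions` entry in package.json would put the fix into the lockfile where it can be reviewed. Otherwise the build or CI should fail when the patch was not applied. JSON has no comment syntax, so the reason for the hook should be written in the README or install docs.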
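Review bot: `"@snyk/protect": "latest"` in the `dependencies` hunk of package.json is an unpinned dist-tag on a package that the new `prepare` script executes at install time, so any fresh resolve runs whatever was published most recently. The yarn.lock hunk in this commit keys the entry as `@snyk/protect@^1.946.0`, which does not match the `latest` range; an install with `--frozen-lockfile` would likely fail or the entry would be re-resolved. I would change the line to `"@snyk/protect": "^1.946.0"` so the manifest and lockfile agree and upgrades of an install-time tool arrive as reviewed lockfile changes.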
@@ -1897,6 +1897,11 @@ dependencies: "@sinonjs/commons" "^1.7.0" +"@snyk/protect@^1.946.0": + version "1.946.0" + resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.946.0.tgz#4960ad4079145615d16fcbf2644ef016f08a7fdc" + integrity sha512-LdqVSuI3gFX87dLfZsUvlb5lp7XuURa22uY2oDuOyNxk4Z0gsSOoYxYrFXUW2RreH+mch1T6rU5HztQkoL38YQ== + "@tootallnate/once@1": version "1.1.2" resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82"