fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
2019-07-05 23:56:40 +00:00
2 changed files with 15 additions and 3 deletions
--- a/.snyk
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - sequelize > lodash:
+        patched: '2019-07-05T23:56:38.533Z'
--- a/package.json
+++ b/package.json
@@ -9,7 +9,9 @@
    "test-local": "make test",
    "start": "./bin/nodejsctl start && cp History.md docs/web/history.md",
    "status": "./bin/nodejsctl status",
-    "stop": "./bin/nodejsctl stop"
+    "stop": "./bin/nodejsctl stop",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
  },
  "bin": {
    "cnpmjs.org": "bin/cli.js"
@@ -68,7 +70,8 @@
    "tunnel-agent": "^0.6.0",
    "urllib": "^2.24.0",
    "utility": "^1.12.0",
-    "xss": "^0.3.3"
+    "xss": "^0.3.3",
+    "snyk": "^1.192.3"
  },
  "devDependencies": {
    "autod": "*",
@@ -115,5 +118,6 @@
    "fengmk2 <fengmk2@gmail.com> (http://fengmk2.com)",
    "dead_horse <dead_horse@qq.com> (http://deadhorse.me)"
  ],
-  "license": "MIT"
+  "license": "MIT",
+  "snyk": true
 }