diff --git a/.snyk b/.snyk new file mode 100644 index 00000000..0f98cc3b --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - async-helper-base > lodash: + patched: '2024-09-10T14:45:28.165Z' + id: 'npm:lodash:20180130' + path: async-helper-base > lodash diff --git a/package.json b/package.json index fcd5fdbc..51ab073d 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,9 @@ "node": ">=0.10.0" }, "scripts": { - "test": "mocha" + "test": "mocha", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" }, "dependencies": { "ansi-bold": "^0.1.1", @@ -93,7 +95,8 @@ "through2": "^2.0.0", "update-copyright": "^0.1.0", "vinyl-fs": "^1.0.0", - "year": "^0.2.1" + "year": "^0.2.1", + "@snyk/protect": "latest" }, "devDependencies": { "consolidate": "^0.13.1", @@ -158,5 +161,6 @@ "config-cache" ] } - } + }, + "snyk": true }