fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:ejs:20161128 - https://snyk.io/vuln/npm:marked:20170112 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:tar:20151103 - https://snyk.io/vuln/npm:uglify-js:20151024 Latest report for samsonjs/samhuri.net: https://snyk.io/test/github/samsonjs/samhuri.net Some vulnerabilities weren't fixed or ignored, and so will still fail the Snyk test report.
2026-03-25 09:05:47 +00:00 · 2017-04-21 04:58:36 +00:00 · 2017-04-21 04:58:36 +00:00 · 7c4da166ac
commit 7c4da166ac
parent 0608f984cb
2 changed files with 30 additions and 2 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:ejs:20161128':
+    - harp > terraform > ejs:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:marked:20170112':
+    - harp > terraform > marked:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:negotiator:20160616':
+    - harp > connect > compression > accepts > negotiator:
+        patched: '2017-04-21T04:58:35.183Z'
+    - harp > connect > serve-index > accepts > negotiator:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:tar:20151103':
+    - harp > download-github-repo > download > decompress > tar:
+        patched: '2017-04-21T04:58:35.183Z'
+  'npm:uglify-js:20151024':
+    - harp > terraform > jade > transformers > uglify-js:
+        patched: '2017-04-21T04:58:35.183Z'
--- a/package.json
+++ b/package.json
@ -5,6 +5,12 @@
  "dependencies": {
    "harp": "^0.23.0",
    "thepusher": "^0.1.4",
-    "uglify-js": "^2.7.5"
-  }
+    "uglify-js": "^2.7.5",
+    "snyk": "^1.29.0"
+  },
+  "scripts": {
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
+  },
+  "snyk": true
 }