fix: .snyk & package.json to reduce vulnerabilities

snyk-test · snyk-test · commit 37b3cf939e70 · 2019-07-04T00:32:34.000Z
The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202
diff --git a/.snyk b/.snyk
@@ -0,0 +1,50 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - next > styled-jsx > babel-types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - mongoose > async > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - pm2 > async > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > write-file-webpack-plugin > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > webpackbar > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > autodll-webpack-plugin > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/core > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - pm2 > @pm2/js-api > async > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > webpackbar > table > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > webpackbar > consola > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - cloudinary > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > autodll-webpack-plugin > webpack-merge > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/core > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - pm2 > pm2-deploy > async > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - pm2 > vizion > async > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/plugin-transform-runtime > @babel/helper-module-imports > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/preset-env > @babel/plugin-transform-async-to-generator > @babel/helper-module-imports > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/preset-env > @babel/plugin-proposal-async-generator-functions > @babel/helper-remap-async-to-generator > @babel/helper-annotate-as-pure > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/plugin-proposal-class-properties > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/preset-env > @babel/plugin-transform-async-to-generator > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/helper-function-name > @babel/template > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
+    - next > @babel/preset-env > @babel/plugin-proposal-async-generator-functions > @babel/helper-remap-async-to-generator > @babel/helper-wrap-function > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash:
+        patched: '2019-07-04T00:32:32.315Z'
diff --git a/package.json b/package.json
@@ -7,7 +7,9 @@
     "dev": "node server.js -p $PORT",
     "build": "next build",
     "heroku-postbuild": "next build",
-    "start": "pm2-runtime start ecosystem.config.js --env production"
+    "start": "pm2-runtime start ecosystem.config.js --env production",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -43,9 +45,11 @@
     "react-stripe-checkout": "^2.6.3",
     "react-toastify": "^4.1.0",
     "request": "^2.87.0",
-    "stripe": "^6.1.1"
+    "stripe": "^6.1.1",
+    "snyk": "^1.189.0"
   },
   "engines": {
     "node": "6.11.x"
-  }
+  },
+  "snyk": true
 }
