From cc01ada4487feda47107df854d9274be5a912c65 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 4 Dec 2018 00:40:26 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:cryptiles:20180710 - https://snyk.io/vuln/npm:deep-extend:20180409 - https://snyk.io/vuln/npm:diff:20180305 - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:sshpk:20180409 - https://snyk.io/vuln/npm:stringstream:20180511 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 --- .snyk | 8 ++++++++ package.json | 12 ++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..acedbfe --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - generator-jhipster > html-wiring > cheerio > lodash: + patched: '2018-12-04T00:40:24.556Z' diff --git a/package.json b/package.json index 4505ef8..0f719ed 100644 --- a/package.json +++ b/package.json @@ -22,11 +22,12 @@ }, "dependencies": { "chalk": "1.1.3", - "generator-jhipster": ">=4.6.0", + "generator-jhipster": ">5.0.0", "mkdirp": "0.5.1", "semver": "5.3.0", "shelljs": "0.5.3", - "yeoman-generator": "2.0.5" + "yeoman-generator": "2.0.5", + "snyk": "^1.113.0" }, "devDependencies": { "eslint": "3.17.1", @@ -50,10 +51,13 @@ "yeoman-test": "1.6.0" }, "scripts": { - "test": "mocha test/*" + "test": "mocha test/*", + "snyk-protect": "snyk protect", + "prepare": "npm run snyk-protect" }, "license": "Apache-2.0", "bugs": { "url": "https://github.com/ryandawsonuk/generator-jhipster-activiti/issues" - } + }, + "snyk": true }