From 9f05d375938a4687a3ca59131de57dfc01493dc4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 29 Jun 2018 06:21:02 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:mime:20170907 --- .snyk | 10 ++++++++-- package.json | 5 +++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.snyk b/.snyk index 5f8aecf..48ca4e0 100644 --- a/.snyk +++ b/.snyk @@ -1,5 +1,5 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. -version: v1.7.1 +version: v1.12.0 # ignores vulnerabilities until expiry date; change duration by modifying expiry date ignore: 'npm:shelljs:20140723': @@ -9,4 +9,10 @@ ignore: - shelljs: reason: None given expires: '2017-06-30T13:00:15.923Z' -patch: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:mime:20170907': + - redwrap > request > mime: + patched: '2018-06-29T06:21:00.982Z' + - redwrap > request > form-data > mime: + patched: '2018-06-29T06:21:00.982Z' diff --git a/package.json b/package.json index ca8fa84..83572c9 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,8 @@ "test": "echo \"Error: no test specified\" && exit 1", "start": "babel-node index.js", "snyk-protect": "snyk protect", - "prepublish": "npm run snyk-protect" + "prepublish": "npm run snyk-protect", + "prepare": "npm run snyk-protect" }, "author": "", "license": "ISC", @@ -18,7 +19,7 @@ "redwrap": "0.0.4", "shelljs": "0.7.5", "youtube-dl": "1.11.1", - "snyk": "^1.32.0" + "snyk": "^1.87.0" }, "snyk": true }