diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..e8b47d9 --- /dev/null +++ b/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - botkit > async > lodash: + patched: '2019-07-04T04:44:26.229Z' + - botkit > twilio > request > form-data > async > lodash: + patched: '2019-07-04T04:44:26.229Z' diff --git a/package.json b/package.json index 8ef852f..fe94a6b 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,9 @@ "description": "A simple slackbot to help the mafia game organizer. The bot uses botkit, which inturn uses slack RTM api to communicate with slack.", "main": "app.js", "scripts": { - "test": "node_modules/.bin/grunt ci" + "test": "node_modules/.bin/grunt ci", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -29,7 +31,8 @@ "minimist": "^1.2.0", "random-words": "0.0.1", "shuffle-array": "^1.0.0", - "underscore": "^1.8.3" + "underscore": "^1.8.3", + "snyk": "^1.189.0" }, "devDependencies": { "botkit-mock": "amplicity/BotMock", @@ -41,5 +44,6 @@ "grunt-contrib-watch": "^0.6.1", "grunt-debug-task": "^0.1.8", "grunt-mocha-cli": "^2.0.0" - } + }, + "snyk": true }