From 128adec2f519a450ea8de4714d8ea9372083f0c2 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 6 May 2020 22:11:39 +0100 Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- package.json | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 7917d14..4f7b7df 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,8 @@ "csv": "^5.1.1", "csv-parse": "latest", "tinyqueue": "^2.0.0", - "winston": "^3.2.1" + "winston": "^3.2.1", + "snyk": "^1.319.1" }, "description": "Machine learning library", "devDependencies": { @@ -46,5 +47,10 @@ "type": "git", "url": "https://github.com/nl253/ML" }, - "version": "0.0.1" + "version": "0.0.1", + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true } From 286ca2ada055f3419f82280c0c848aa392ea75fb Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 6 May 2020 22:11:40 +0100 Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 --- .snyk | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..c320a76 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - eslint > lodash: + patched: '2020-05-06T21:11:37.230Z' + - eslint > inquirer > lodash: + patched: '2020-05-06T21:11:37.230Z' + - eslint > table > lodash: + patched: '2020-05-06T21:11:37.230Z' + - winston > async > lodash: + patched: '2020-05-06T21:11:37.230Z'