fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:tunnel-agent:20170305
2018-09-24 08:27:53 +00:00 · 2018-09-24 08:27:53 +00:00 · f500d2443d
parent 7efe6efef1
commit f500d2443d
2 changed files with 36 additions and 3 deletions
--- a/.snyk
+++ b/.snyk
@ -0,0 +1,27 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.12.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - hexo-autonofollow > cheerio > lodash:
+        patched: '2018-09-24T08:27:51.828Z'
+  'npm:tunnel-agent:20170305':
+    - hexo-all-minifier > imagemin-gifsicle > gifsicle > bin-build > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-jpegtran > jpegtran-bin > bin-build > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-mozjpeg > mozjpeg > bin-build > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-optipng > optipng-bin > bin-build > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-gifsicle > gifsicle > bin-wrapper > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-jpegtran > jpegtran-bin > bin-wrapper > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-mozjpeg > mozjpeg > bin-wrapper > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-optipng > optipng-bin > bin-wrapper > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
+    - hexo-all-minifier > imagemin-pngquant > pngquant-bin > bin-wrapper > download > caw > tunnel-agent:
+        patched: '2018-09-24T08:27:51.828Z'
--- a/package.json
+++ b/package.json
@ -16,6 +16,12 @@
    "hexo-renderer-ejs": "latest",
    "hexo-renderer-stylus": "latest",
    "hexo-renderer-marked": "latest",
-    "hexo-server": "latest"
-  }
-}
+    "hexo-server": "latest",
+    "snyk": "^1.97.1"
+  },
+  "scripts": {
+    "snyk-protect": "snyk protect",
+    "prepare": "npm run snyk-protect"
+  },
+  "snyk": true
+}