fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:tunnel-agent:20170305
This commit is contained in:
curben 2018-09-24 08:27:53 +00:00 committed by curben
parent 7efe6efef1
commit f500d2443d
2 changed files with 36 additions and 3 deletions

27
.snyk Normal file
View File

@ -0,0 +1,27 @@
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.12.0
ignore: {}
# patches apply the minimum changes required to fix a vulnerability
patch:
'npm:lodash:20180130':
- hexo-autonofollow > cheerio > lodash:
patched: '2018-09-24T08:27:51.828Z'
'npm:tunnel-agent:20170305':
- hexo-all-minifier > imagemin-gifsicle > gifsicle > bin-build > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-jpegtran > jpegtran-bin > bin-build > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-mozjpeg > mozjpeg > bin-build > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-optipng > optipng-bin > bin-build > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-gifsicle > gifsicle > bin-wrapper > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-jpegtran > jpegtran-bin > bin-wrapper > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-mozjpeg > mozjpeg > bin-wrapper > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-optipng > optipng-bin > bin-wrapper > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'
- hexo-all-minifier > imagemin-pngquant > pngquant-bin > bin-wrapper > download > caw > tunnel-agent:
patched: '2018-09-24T08:27:51.828Z'

View File

@ -16,6 +16,12 @@
"hexo-renderer-ejs": "latest",
"hexo-renderer-stylus": "latest",
"hexo-renderer-marked": "latest",
"hexo-server": "latest"
}
"hexo-server": "latest",
"snyk": "^1.97.1"
},
"scripts": {
"snyk-protect": "snyk protect",
"prepare": "npm run snyk-protect"
},
"snyk": true
}