diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..cd9a118 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:lodash:20180130': + - waterline-sequel > lodash: + patched: '2022-07-21T01:10:48.106Z' diff --git a/package.json b/package.json index 729cfa3..985257a 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,8 @@ "mysql": "~2.6.1", "waterline-cursor": "~0.0.5", "waterline-errors": "~0.10.0", - "waterline-sequel": "git+https://github.com/postmanlabs/waterline-sequel.git#v0.5.1-postman.3" + "waterline-sequel": "git+https://github.com/postmanlabs/waterline-sequel.git#v0.5.1-postman.3", + "@snyk/protect": "latest" }, "devDependencies": { "expect.js": "^0.3.1", @@ -40,6 +41,9 @@ }, "scripts": { "postinstall": "scripts/postinstall.sh", - "test": "scripts/test.sh" - } + "test": "scripts/test.sh", + "prepublish": "npm run snyk-protect", + "snyk-protect": "snyk-protect" + }, + "snyk": true }