From d55c26e84be21b067cee8aec6604ee0637e86b01 Mon Sep 17 00:00:00 2001 From: snyk-test Date: Thu, 4 Jul 2019 08:55:52 +0000 Subject: [PATCH] fix: packages/gatsby-cli/.snyk & packages/gatsby-cli/package.json to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-450202 --- packages/gatsby-cli/.snyk | 10 ++++++++++ packages/gatsby-cli/package.json | 11 +++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 packages/gatsby-cli/.snyk diff --git a/packages/gatsby-cli/.snyk b/packages/gatsby-cli/.snyk new file mode 100644 index 0000000000000..726c3f4d372a3 --- /dev/null +++ b/packages/gatsby-cli/.snyk @@ -0,0 +1,10 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - lodash: + patched: '2019-07-04T08:55:50.171Z' + - yurnalist > inquirer > lodash: + patched: '2019-07-04T08:55:50.171Z' diff --git a/packages/gatsby-cli/package.json b/packages/gatsby-cli/package.json index 3f5b9bcd6bc83..4d2a62e2ce333 100644 --- a/packages/gatsby-cli/package.json +++ b/packages/gatsby-cli/package.json @@ -26,7 +26,8 @@ "stack-trace": "^0.0.10", "update-notifier": "^2.3.0", "yargs": "^8.0.2", - "yurnalist": "^0.2.1" + "yurnalist": "^0.2.1", + "snyk": "^1.190.0" }, "devDependencies": { "babel-cli": "^6.26.0", @@ -44,10 +45,12 @@ "repository": "https://github.com/gatsbyjs/gatsby/tree/master/packages/gatsby-cli", "scripts": { "build": "babel src --out-dir lib --ignore __tests__", - "prepublish": "cross-env NODE_ENV=production npm run build", - "watch": "babel -w src --out-dir lib --ignore __tests__" + "prepublish": "npm run snyk-protect; cross-env NODE_ENV=production npm run build", + "watch": "babel -w src --out-dir lib --ignore __tests__", + "snyk-protect": "snyk protect" }, "yargs": { "boolean-negation": false - } + }, + "snyk": true }