fix(synk): New fixes for 2 vulnerable dependency paths (#16521)

* fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:uglify-js:20151024 Latest report for freecodecamp/freecodecamp: https://snyk.io/test/github/freecodecamp/freecodecamp Some vulnerabilities weren't fixed or ignored, and so will still fail the Snyk test report. * chore(package): remove snyk autopatch Cause it's slow AF
2018-01-18 04:38:04 +02:00
parent 167b609853
commit 6e78cd30d4
2 changed files with 4 additions and 2 deletions
--- a/.snyk
+++ b/.snyk
@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.7.1
+version: v1.10.1
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@ -76,6 +76,8 @@ patch:
        patched: '2016-07-29T23:00:15.905Z'
    - jade > transformers > uglify-js:
        patched: '2016-09-20T18:38:48.774Z'
+    - jade > transformers > uglify-js:
+        patched: '2018-01-18T00:49:18.512Z'
  'npm:uglify-js:20150824':
    - jade > transformers > uglify-js:
        patched: '2016-07-29T23:00:15.905Z'
--- a/package.json
+++ b/package.json
@ -131,7 +131,7 @@
    "rx": "~4.0.8",
    "rx-dom": "^7.0.3",
    "sanitize-html": "^1.11.1",
-    "snyk": "^1.30.1",
+    "snyk": "^1.68.1",
    "store": "git+https://github.com/berkeleytrue/store.js.git#feature/noop-server",
    "uuid": "^3.0.1",
    "validator": "^8.2.0"