fix: package.json, yarn.lock & .snyk to reduce vulnerabilities (#209)

The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:minimatch:20160620 Co-authored-by: jamesros <jamesros@boldgrid.com>
BoldGrid · Dec 23, 2020 · 43069fc · 43069fc
1 parent 10c4ba1
commit 43069fc
Show file tree

Hide file tree

Showing 3 changed files with 1,806 additions and 78 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,23 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:extend:20180424':
+    - Buttons > grunt-saucelabs > requestretry > extend:
+        patched: '2020-06-10T13:36:28.405Z'
+    - Buttons > grunt-saucelabs > requestretry > request > extend:
+        patched: '2020-06-10T13:36:28.405Z'
+    - Buttons > grunt-saucelabs > sauce-tunnel > request > extend:
+        patched: '2020-06-10T13:36:28.405Z'
+    - Buttons > grunt-saucelabs > saucelabs > https-proxy-agent > extend:
+        patched: '2020-06-10T13:36:28.405Z'
+    - Buttons > grunt-saucelabs > saucelabs > https-proxy-agent > agent-base > extend:
+        patched: '2020-06-10T13:36:28.405Z'
+  'npm:minimatch:20160620':
+    - Buttons > grunt > findup-sync > glob > minimatch:
+        patched: '2020-06-10T13:36:28.405Z'
+    - Buttons > grunt > minimatch:
+        patched: '2020-06-10T13:36:28.405Z'
+    - Buttons > grunt > glob > minimatch:
+        patched: '2020-06-10T13:36:28.405Z'
diff --git a/package.json b/package.json
@@ -40,6 +40,8 @@
     "script:tgm": "node build/tgm.mjs",
     "script:wp-textdomain-lint": "node build/check-text-domains.js",
     "script:zip": "node build/build-zip.js",
+    "snyk-protect": "snyk protect",
+    "prepare": "yarn run snyk-protect"
     "build-prime": "git clone https://github.com/boldgrid/prime ../themes/prime && ln -s $(pwd)/boldgrid-theme-framework ../themes/prime/inc/boldgrid-theme-framework"
   },
   "keywords": [
@@ -156,6 +158,8 @@
     "sass.js": "~0.11.1",
     "scssphp": "https://github.com/boldgrid/scssphp.git#master",
     "smartmenus": "^1.1.0",
-    "wow.js": "^1.2.2"
-  }
+    "wow.js": "^1.2.2",
+    "snyk": "^1.338.0"
+  },
+  "snyk": true
 }