fix: package.json, package-lock.json & .snyk to reduce vulnerabilities (

#53) The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746
Skitionek · Feb 2, 2023 · 3c11469 · 3c11469
1 parent 24849a2
commit 3c11469
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 68 deletions.
diff --git a/.snyk b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - botbuilder > botbuilder-core > botframework-connector > adal-node > async > lodash:
+        patched: '2023-02-02T13:31:43.660Z'
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,79 +1,83 @@
 {
-  "name"           : "@skitionek/notify-microsoft-teams",
-  "version"        : "v1.0.0",
-  "description"    : "Microsoft Teams Notification for Github Actions",
-  "main"           : "dist/index.js",
-	"publishConfig": {
-	  "registry":"https://npm.pkg.github.com/skitionek"
-	},
-  "scripts"        : {
-	"package": "ncc build src -o dist",
-	"lint"   : "eslint src/index.js",
-	"test"   : "npm run lint && jest"
+  "name": "@skitionek/notify-microsoft-teams",
+  "version": "v1.0.0",
+  "description": "Microsoft Teams Notification for Github Actions",
+  "main": "dist/index.js",
+  "publishConfig": {
+    "registry": "https://npm.pkg.github.com/skitionek"
   },
-  "repository"     : {
-	"type": "git",
-	"url" : "git+https://github.com/Skitionek/notify-microsoft-teams.git"
+  "scripts": {
+    "package": "ncc build src -o dist",
+    "lint": "eslint src/index.js",
+    "test": "npm run lint && jest",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
-  "husky"          : {
-	"hooks": {
-	  "pre-commit": "npm run package && git add dist/index.js"
-	}
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Skitionek/notify-microsoft-teams.git"
   },
-  "keywords"       : [
-	"GitHub",
-	"Actions",
-	"JavaScript"
+  "husky": {
+    "hooks": {
+      "pre-commit": "npm run package && git add dist/index.js"
+    }
+  },
+  "keywords": [
+    "GitHub",
+    "Actions",
+    "JavaScript"
   ],
-  "author"         : "GitHub",
-  "license"        : "MIT",
-  "bugs"           : {
-	"url": "https://github.com/Skitionek/notify-microsoft-teams/issues"
+  "author": "GitHub",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/Skitionek/notify-microsoft-teams/issues"
   },
-  "homepage"       : "https://github.com/Skitionek/notify-microsoft-teams#readme",
-  "dependencies"   : {
-	"@actions/core"   : "^1.9.1",
-	"@octokit/rest"   : "^17.11.2",
-	"botbuilder"      : "^4.19.0",
-	"lodash.merge"    : "^4.6.2",
-	"ms-teams-webhook": "^1.0.4"
+  "homepage": "https://github.com/Skitionek/notify-microsoft-teams#readme",
+  "dependencies": {
+    "@actions/core": "^1.9.1",
+    "@octokit/rest": "^17.11.2",
+    "botbuilder": "^4.19.0",
+    "lodash.merge": "^4.6.2",
+    "ms-teams-webhook": "^1.0.4",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
-	"@actions/github"                        : "^2.1.1",
-	"@babel/cli"                             : "^7.8.4",
-	"@babel/core"                            : "^7.9.0",
-	"@babel/plugin-proposal-class-properties": "^7.8.3",
-	"@babel/preset-env"                      : "^7.9.5",
-	"@semantic-release/changelog"            : "^5.0.1",
-	"@semantic-release/git"                  : "^9.0.0",
-	"@zeit/ncc"                              : "^0.20.5",
-	"eslint"                                 : "^6.3.0",
-	"husky"                                  : "^4.2.5",
-	"jest"                                   : "^24.9.0"
+    "@actions/github": "^2.1.1",
+    "@babel/cli": "^7.8.4",
+    "@babel/core": "^7.9.0",
+    "@babel/plugin-proposal-class-properties": "^7.8.3",
+    "@babel/preset-env": "^7.9.5",
+    "@semantic-release/changelog": "^5.0.1",
+    "@semantic-release/git": "^9.0.0",
+    "@zeit/ncc": "^0.20.5",
+    "eslint": "^6.3.0",
+    "husky": "^4.2.5",
+    "jest": "^24.9.0"
+  },
+  "release": {
+    "plugins": [
+      "@semantic-release/commit-analyzer",
+      "@semantic-release/release-notes-generator",
+      "@semantic-release/github",
+      "@semantic-release/changelog",
+      "@semantic-release/git"
+    ],
+    "branch": "master"
   },
-  "release"        : {
-	"plugins": [
-	  "@semantic-release/commit-analyzer",
-	  "@semantic-release/release-notes-generator",
-	  "@semantic-release/github",
-	  "@semantic-release/changelog",
-	  "@semantic-release/git"
-	],
-	"branch" : "master"
+  "babel": {
+    "plugins": [
+      "@babel/plugin-proposal-class-properties"
+    ],
+    "presets": [
+      [
+        "@babel/preset-env",
+        {
+          "targets": {
+            "node": "16"
+          }
+        }
+      ]
+    ]
   },
-  "babel"          : {
-	"plugins": [
-	  "@babel/plugin-proposal-class-properties"
-	],
-	"presets": [
-	  [
-		"@babel/preset-env",
-		{
-		  "targets": {
-			"node": "16"
-		  }
-		}
-	  ]
-	]
-  }
+  "snyk": true
 }