fix: .snyk & package.json to reduce vulnerabilities

snyk-bot · mikaelvesavuori · commit 92703529f273 · 2020-05-10T10:19:54.000+02:00
The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:ms:20170412
diff --git a/.snyk b/.snyk
@@ -0,0 +1,22 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - serverless > @serverless/components > @serverless/platform-client-china > @serverless/utils-china > socket.io-stream > debug:
+        patched: '2020-05-10T08:19:52.569Z'
+  SNYK-JS-LODASH-567746:
+    - serverless > @serverless/components > graphlib > lodash:
+        patched: '2020-05-10T08:19:52.569Z'
+    - serverless > @serverless/components > @serverless/inquirer > inquirer > lodash:
+        patched: '2020-05-10T08:19:52.569Z'
+    - serverless > @serverless/components > @serverless/platform-client-china > @serverless/utils-china > winston > async > lodash:
+        patched: '2020-05-10T08:19:52.569Z'
+    - serverless > @serverless/enterprise-plugin > dependency-tree > precinct > detective-typescript > @typescript-eslint/typescript-estree > lodash:
+        patched: '2020-05-10T08:19:52.569Z'
+    - serverless > @serverless/components > @serverless/platform-client-china > @serverless/utils-china > @tencent-sdk/capi > request-promise-native > request-promise-core > lodash:
+        patched: '2020-05-10T08:19:52.569Z'
+  'npm:ms:20170412':
+    - serverless > @serverless/components > @serverless/platform-client-china > @serverless/utils-china > socket.io-stream > debug > ms:
+        patched: '2020-05-10T08:19:52.569Z'
