diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..5021f87 --- /dev/null +++ b/.snyk @@ -0,0 +1,8 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.7.0 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:ws:20160920': + - kurento-jsonrpc > ws: + patched: '2017-03-09T16:01:50.985Z' diff --git a/package.json b/package.json index a5d722d..d055b64 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,9 @@ "coveralls": "scripts/coveralls", "coverallsBrowser": "scripts/coveralls -- testBrowser", "test": "scripts/test", - "testBrowser": "scripts/testBrowser" + "testBrowser": "scripts/testBrowser", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "repository": { "type": "git", @@ -43,7 +45,8 @@ "kurento-client-filters": "Kurento/kurento-client-filters-js#master", "kurento-jsonrpc": "5.0.4", "promisecallback": "0.0.4", - "reconnect-ws": "KurentoForks/reconnect-ws" + "reconnect-ws": "KurentoForks/reconnect-ws", + "snyk": "^1.25.2" }, "devDependencies": { "bower": "~1.4.1", @@ -71,5 +74,6 @@ "selenium-webdriver": "^2.46.1", "xml2js": "^0.4.9", "wock": "^0.1.1" - } + }, + "snyk": true }