From 02a494b2e2f4da1201367fc916587fe9a1e5d952 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 7 Apr 2019 02:25:28 +0000 Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:hoek:20180212 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- .snyk | 14 ++++++++++++++ package.json | 12 +++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 .snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..ee39004 --- /dev/null +++ b/.snyk @@ -0,0 +1,14 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.3 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + 'npm:hoek:20180212': + - expo > websql > sqlite3 > node-pre-gyp > hawk > hoek: + patched: '2019-04-07T02:25:26.014Z' + - expo > websql > sqlite3 > node-pre-gyp > hawk > boom > hoek: + patched: '2019-04-07T02:25:26.014Z' + - expo > websql > sqlite3 > node-pre-gyp > hawk > sntp > hoek: + patched: '2019-04-07T02:25:26.014Z' + - expo > websql > sqlite3 > node-pre-gyp > hawk > cryptiles > boom > hoek: + patched: '2019-04-07T02:25:26.014Z' diff --git a/package.json b/package.json index 3e9fe07..a66724b 100644 --- a/package.json +++ b/package.json @@ -7,13 +7,19 @@ "main": "main.js", "dependencies": { "@expo/ex-navigation": "^2.11.0", - "expo": "16.0.0", + "expo": "27.0.2", "react": "16.0.0-alpha.6", "react-native": "https://github.com/exponent/react-native/archive/sdk-16.0.0.tar.gz", "react-native-keyboard-aware-scroll-view": "^0.2.8", "react-navigation": "git+https://github.com/react-community/react-navigation.git#master", "react-redux": "^5.0.4", "redux": "^3.6.0", - "redux-thunk": "^2.2.0" - } + "redux-thunk": "^2.2.0", + "snyk": "^1.147.4" + }, + "scripts": { + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" + }, + "snyk": true }