fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are ignored: - https://snyk.io/vuln/npm:marked:20170907 - https://snyk.io/vuln/npm:shelljs:20140723 Latest report for coralproject/talk: https://snyk.io/test/github/coralproject/talk
2026-07-01 01:44:43 +08:00 · 2017-10-18 15:49:54 +00:00
parent 82d0d427ec
commit b362da56ab
2 changed files with 17 additions and 2 deletions
@@ -1,6 +1,21 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
 version: v1.7.1
-ignore: {}
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'npm:marked:20170907':
+    - marked:
+        reason: None given
+        expires: '2017-11-17T15:49:54.237Z'
+    - graphql-docs > marked:
+        reason: None given
+        expires: '2017-11-17T15:49:54.237Z'
+    - simplemde > marked:
+        reason: None given
+        expires: '2017-11-17T15:49:54.237Z'
+  'npm:shelljs:20140723':
+    - react-mdl-selectfield > @kadira/storybook-deployer > shelljs:
+        reason: None given
+        expires: '2017-11-17T15:49:54.237Z'
 # patches apply the minimum changes required to fix a vulnerability
 patch:
  'npm:marked:20170112':
@@ -186,7 +186,7 @@
    "webpack-sources": "^1.0.1",
    "yaml-loader": "^0.4.0",
    "yamljs": "^0.2.10",
-    "snyk": "^1.42.5"
+    "snyk": "^1.43.0"
  },
  "devDependencies": {
    "@coralproject/eslint-config-talk": "^0.0.4",