diff --git a/packages/gatsby-source-contentful/.snyk b/packages/gatsby-source-contentful/.snyk new file mode 100644 index 0000000000000..bdc5fbe361cba --- /dev/null +++ b/packages/gatsby-source-contentful/.snyk @@ -0,0 +1,20 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.14.1 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-567746: + - lodash: + patched: '2020-05-01T05:26:56.162Z' + - contentful > lodash: + patched: '2020-05-01T05:26:56.162Z' + - deep-map > lodash: + patched: '2020-05-01T05:26:56.162Z' + - gatsby-plugin-sharp > lodash: + patched: '2020-05-01T05:26:56.162Z' + - contentful > contentful-resolve-response > lodash: + patched: '2020-05-01T05:26:56.162Z' + - contentful > contentful-sdk-core > lodash: + patched: '2020-05-01T05:26:56.162Z' + - gatsby-plugin-sharp > async > lodash: + patched: '2020-05-01T05:26:56.162Z' diff --git a/packages/gatsby-source-contentful/package.json b/packages/gatsby-source-contentful/package.json index 00f07e9da34a8..0e316d2d69807 100644 --- a/packages/gatsby-source-contentful/package.json +++ b/packages/gatsby-source-contentful/package.json @@ -18,7 +18,8 @@ "is-online": "^7.0.0", "json-stringify-safe": "^5.0.1", "lodash": "^4.17.10", - "qs": "^6.4.0" + "qs": "^6.4.0", + "snyk": "^1.316.1" }, "devDependencies": { "@babel/cli": "^7.0.0", @@ -38,8 +39,10 @@ "repository": "https://github.com/gatsbyjs/gatsby/tree/master/packages/gatsby-source-contentful", "scripts": { "build": "babel src --out-dir . --ignore **/__tests__", - "prepare": "cross-env NODE_ENV=production npm run build", - "watch": "babel -w src --out-dir . --ignore **/__tests__" + "prepare": "npm run snyk-protect && cross-env NODE_ENV=production npm run build", + "watch": "babel -w src --out-dir . --ignore **/__tests__", + "snyk-protect": "snyk protect" }, - "gitHead": "5bd5aebe066b9875354a81a4b9ed98722731c465" + "gitHead": "5bd5aebe066b9875354a81a4b9ed98722731c465", + "snyk": true }