diff --git a/addons/storysource/.snyk b/addons/storysource/.snyk new file mode 100644 index 000000000000..957b1bd2b506 --- /dev/null +++ b/addons/storysource/.snyk @@ -0,0 +1,16 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.13.5 +ignore: {} +# patches apply the minimum changes required to fix a vulnerability +patch: + SNYK-JS-LODASH-450202: + - '@storybook/addons > @storybook/api > lodash': + patched: '2019-07-03T21:46:54.655Z' + - '@storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2019-07-03T21:46:54.655Z' + - '@storybook/components > @storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2019-07-03T21:46:54.655Z' + - '@storybook/addons > @storybook/api > @storybook/theming > @emotion/styled > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2019-07-03T21:46:54.655Z' + - '@storybook/addons > @storybook/api > @storybook/theming > @emotion/core > @emotion/css > babel-plugin-emotion > @babel/helper-module-imports > @babel/types > lodash': + patched: '2019-07-03T21:46:54.655Z' diff --git a/addons/storysource/package.json b/addons/storysource/package.json index 621348369b8e..3c12a705d25f 100644 --- a/addons/storysource/package.json +++ b/addons/storysource/package.json @@ -19,7 +19,9 @@ "main": "dist/index.js", "jsnext:main": "src/index.js", "scripts": { - "prepare": "node ../../scripts/prepare.js" + "prepare": "node ../../scripts/prepare.js", + "snyk-protect": "snyk protect", + "prepublish": "npm run snyk-protect" }, "dependencies": { "@storybook/addons": "5.1.9", @@ -32,12 +34,14 @@ "prettier": "^1.16.4", "prop-types": "^15.7.2", "react-syntax-highlighter": "^8.0.1", - "regenerator-runtime": "^0.12.1" + "regenerator-runtime": "^0.12.1", + "snyk": "^1.189.0" }, "peerDependencies": { "react": "*" }, "publishConfig": { "access": "public" - } + }, + "snyk": true }