-
Notifications
You must be signed in to change notification settings - Fork 15
/
.snyk
25 lines (25 loc) · 1.17 KB
/
.snyk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.13.5
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
'npm:braces:20180219':
- forever > forever-monitor > chokidar > anymatch > micromatch > braces:
reason: low risk
expires: '2018-06-16T13:51:08.683Z'
- nunjucks > chokidar > anymatch > micromatch > braces:
reason: low risk
expires: '2018-06-16T13:51:08.684Z'
'npm:timespan:20170907':
- forever > timespan:
reason: >-
Transitive dependency pulled in by Forever. Vulnerability does not
affect us because it requires a specially-crafted input string and
Forever only ever uses input from the system clock. See PP-2687.
expires: '2018-06-16T13:51:08.684Z'
# patches apply the minimum changes required to fix a vulnerability
patch:
SNYK-JS-HTTPSPROXYAGENT-469131:
- appmetrics > ibmapm-embed > ibmapm-restclient > https-proxy-agent:
patched: '2019-10-09T15:37:28.409Z'
- appmetrics-statsd > appmetrics > ibmapm-embed > ibmapm-restclient > https-proxy-agent:
patched: '2019-10-09T15:37:28.409Z'