From 62dde43f5c400b675881380a6fd606855f8827c1 Mon Sep 17 00:00:00 2001 From: Danail Minchev Date: Fri, 17 Nov 2017 15:00:23 +0000 Subject: [PATCH] Ignore Snyk timespan report - https://snyk.io/vuln/npm:timespan:20170907 Transitive dependency pulled in by Forever. Vulnerability does not affect us because it requires a specially-crafted input string and Forever only ever uses input from the system clock. See: https://github.com/indexzero/TimeSpan.js/issues/10 https://payments-platform.atlassian.net/browse/PP-2687 --- .snyk | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.snyk b/.snyk index da4eaf35e..8005feeb0 100644 --- a/.snyk +++ b/.snyk @@ -1,6 +1,11 @@ # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. version: v1.7.0 -ignore: {} +# ignores vulnerabilities until expiry date; change duration by modifying expiry date +ignore: + 'npm:timespan:20170907': + - '*': + reason: Transitive dependency pulled in by Forever. Vulnerability does not affect us because it requires a specially-crafted input string and Forever only ever uses input from the system clock. See PP-2687. + expires: 2017-12-20T00:00:00.000Z # patches apply the minimum changes required to fix a vulnerability patch: 'npm:ms:20170412':
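Review bot: The ignore entry under 'npm:timespan:20170907' is keyed on the path `- '*':`, which suppresses the finding on every dependency path, while the reason text only justifies the path that goes through Forever. Scope the key to the Forever dependency chain instead of `'*'`, so that any later direct or differently routed use of timespan, where the input may not come from the system clock, is still reported. The `expires: 2017-12-20T00:00:00.000Z` bound is worth keeping so the decision is revisited. The `reason:` cites PP-2687 but omits the upstream TimeSpan.js issue link given in the commit message; adding it would let whoever re-reviews at expiry check whether a fixed release exists.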