From 05a42a4d3d8074a8b077d4f575224d528b33c17e Mon Sep 17 00:00:00 2001
From: Spencer Norman <spencern@gmail.com>
Date: Fri, 11 Jan 2019 12:53:29 -0700
Subject: [PATCH] chore: update .snyk config file

---
 .snyk | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/.snyk b/.snyk
index 35dc207f22f..24c702edfc0 100644
--- a/.snyk
+++ b/.snyk
@@ -2,14 +2,39 @@
 version: v1.11.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
+  'SNYK-JS-BOOTSTRAP-72889':
+  - bootstrap:
+      reason: We're not going to update to Bootstrap 4 and we don't use Bootstrap JS
+      expires: '2019-12-31T20:23:03.274Z'
+  'SNYK-JS-BOOTSTRAP-72890':
+  - bootstrap:
+      reason: We're not going to update to Bootstrap 4 and we don't use Bootstrap JS. Will re-evaluate once bootstrap is eliminated.
+      expires: '2019-12-31T20:23:03.274Z'
   'npm:bootstrap:20160627':
     - bootstrap:
-      reason: We're not going to update to Bootstrap 4 any time soon
-      expires: '2018-10-26T20:23:03.274Z'
+      reason: We're not going to update to Bootstrap 4 and we don't use Bootstrap JS
+      expires: '2019-12-31T20:23:03.274Z'
+  'npm:bootstrap:20180529':
+      - bootstrap:
+        reason: We're not going to update to Bootstrap 4 and we don't use Bootstrap JS
+        expires: '2019-12-31T20:23:03.274Z'
+  'SNYK-JS-CHOWNR-73502':
+    - '*':
+      reason: "We don't use chownr in an untrusted system where a possible attacker has access to the filesystem where the user script is running chown. chownr is a recursive fs operation and TOCTOU is fundamental to the way it works."
+      expires: '2019-12-31T20:23:03.274Z'
   'npm:chownr:20180731':
     - '*':
       reason: "PR in chownr to resolve issue will require node >= 10.8 https://github.com/isaacs/chownr/pull/15"
-      expires: '2018-09-29T20:23:03.274Z'
+      expires: '2019-12-31T20:23:03.274Z'
   'npm:mem:20180117':
     - '*':
       reason: String of dependencies that need to be updated - oslocale (PR https://github.com/sindresorhus/os-locale/pull/31) followed by yargs then transliteration
+      expires: '2019-01-14T00:00:00.274Z'
+  'npm:braces:20180219':
+    - '*':
+      reason: Low severity issue we'll address as part of our 2.0 final security work.
+      expires: '2019-01-14T00:00:00.274Z'
+  'SNYK-JS-MERGE-72553':
+    - '*':
+      reason: Low severity issue we'll address as part of our 2.0 final security work.
+      expires: '2019-01-14T00:00:00.274Z'
\ No newline at end of file