From de19fab17e7c3980841d692b4c68730fa482a78d Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Wed, 6 Aug 2025 11:08:24 +0300
Subject: [PATCH] chore(ci): snyk configuration (#22)
* chore(ci): snyk configuration
* chore: fix editorconfig violations
---
 .editorconfig | 2 +-
 .github/workflows/security.yml | 1 -
 .gitignore | 1 +
 .snyk | 26 +++++---------------------
 Makefile | 6 ++++--
 5 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/.editorconfig b/.editorconfig
index 5a9fde0..78b4728 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -18,7 +18,7 @@ indent_style = space
 indent_size = 2
 max_line_length = 300
-[*.md]
+[{*.md,.snyk}]
 indent_style = space
 indent_size = 2
 max_line_length = 200
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 67bfbd8..8292b0a 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -126,4 +126,3 @@ jobs:
 with:
 fail-on-severity: high
 comment-summary-in-pr: always
-
diff --git a/.gitignore b/.gitignore
index 9b929c4..77fffe3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,7 @@ Thumbs.db
 # Vendor
 go.sum
+/.dccache
 /gh-action-readme
 *.out
diff --git a/.snyk b/.snyk
index 60c1a66..db0e33f 100644
--- a/.snyk
+++ b/.snyk
@@ -1,23 +1,7 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
-
-# ignores vulnerabilities until expiry date; change duration by modifying expiry date
-ignore:
- # Example: ignore a specific vulnerability
- # SNYK-JS-LODASH-567746:
- # - '*':
- # reason: No upgrade path available
- # expires: 2024-12-31T23:59:59.999Z
-
-# patches apply the minimum changes required to fix a vulnerability
+version: v1.25.1
+ignore: {}
 patch: {}
-
-# Language settings
-language-settings:
- go:
- # Enable Go module support
- enableGoModules: true
- # Allow minor and patch version upgrades
- allowedUpgrades:
- - minor
- - patch
+exclude:
+ global:
+ - ./testdata/**/*.json
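Review bot: The new `exclude.global` entry `./testdata/**/*.json` in `.snyk` carries no rationale, and unlike the `ignore` entries shown in the removed template it has no `expires`, so any JSON later placed under testdata stays out of scan scope indefinitely. A one-line comment above the pattern would record the intent, for example `# testdata JSON files are test fixtures, not shipped code` (adjust the wording to what those files actually are). As far as I know `exclude` only affects Snyk Code analysis, not dependency tests, which is worth stating in the same comment. It is also worth confirming from the CI scan output that the leading `./` form is matched by the Snyk CLI in use, since a pattern that matches nothing is a silent no-op.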
diff --git a/Makefile b/Makefile
index 825f29f..944de9f 100644
--- a/Makefile
+++ b/Makefile
@@ -55,10 +55,11 @@ editorconfig: ## Check EditorConfig compliance
 -name "*.json" -o \
 -name "*.md" -o \
 -name "Makefile" -o \
+ -name ".snyk" -o \
 -name "*.tmpl" -o \
 -name "*.adoc" -o \
 -name "*.sh" \
- \) -not -path "./.*" -not -path "./gh-action-readme" -not -path "./coverage*" \
+ \) -not -path "./gh-action-readme" -not -path "./coverage*" \
 -not -path "./testutil.test" -not -path "./test_*" | \
 xargs eclint check
@@ -74,10 +75,11 @@ editorconfig-fix: ## Fix EditorConfig violations
 -name "*.json" -o \
 -name "*.md" -o \
 -name "Makefile" -o \
+ -name ".snyk" -o \
 -name "*.tmpl" -o \
 -name "*.adoc" -o \
 -name "*.sh" \
- \) -not -path "./.*" -not -path "./gh-action-readme" -not -path "./coverage*" \
+ \) -not -path "./gh-action-readme" -not -path "./coverage*" \
 -not -path "./testutil.test" -not -path "./test_*" | \
 xargs eclint fix
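Review bot: Dropping `-not -path "./.*"` in the `editorconfig` hunk (and identically in the `editorconfig-fix` hunk) makes find descend into every dot directory, including `.git`, rather than only picking up `./.snyk`. With `xargs eclint fix` at the end of the pipeline, any file under `.git` whose name matches one of the `-name` patterns (a ref for a branch named like `docs/readme.md`, for instance) can be rewritten in place. Excluding the repository metadata explicitly keeps the intent of the change: `\) -not -path "./.git/*" -not -path "./gh-action-readme" -not -path "./coverage*" \`. Both recipes begin above their hunks, so the full list of `-name` patterns is not visible here.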