fix: package.json & .snyk to reduce vulnerabilities (lisong#66)

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:ms:20170412

Latest report for lisong/code-push-server:
https://snyk.io/test/github/lisong/code-push-server

Author: snyk-bot

.snyk

@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.7.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:ms:20170412':
+    - extract-zip > debug > ms:
+        patched: '2017-05-23T03:00:06.406Z'
+    - morgan > debug > ms:
+        patched: '2017-05-23T03:00:06.406Z'

package.json

@@ -35,7 +35,9 @@
     "upgrade": "node ./bin/db upgrade",
     "test": "make test",
     "test-win": "mocha test/api/init test/api/users test/api/auth test/api/account test/api/accessKeys test/api/sessions test/api/apps test/api/index --recursive --timeout 15000",
-    "coverage": "make coverage"
+    "coverage": "make coverage",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "dependencies": {
     "aliyun-oss-upload-stream": "^1.3.0",
@@ -71,7 +73,8 @@
     "slash": "^1.0.0",
     "validator": "^7.0.0",
     "yargs": "^6.2.0",
-    "yazl": "^2.3.0"
+    "yazl": "^2.3.0",
+    "snyk": "^1.30.1"
   },
   "devDependencies": {
     "istanbul": "^0.4.5",
@@ -93,5 +96,6 @@
     "app.js",
     "README.md",
     "LICENSE"
-  ]
+  ],
+  "snyk": true
 }