feat: upgrade snyk-module

.npmrc

@@ -0,0 +1 @@
+package-lock=false

lib/filter/get-vuln-source.js

@@ -6,7 +6,7 @@ var debug = require('debug')('snyk:policy');
 var resolve = require('snyk-resolve');
 var path = require('path');
 var statSync = require('fs').statSync;
-var moduleToObject = require('snyk-module');
+var { parsePackageString: moduleToObject } = require('snyk-module');
 
 function getVulnSource(vuln, cwd, live) {
   var from = vuln.from.slice(1).map(function (pkg) {

lib/match.js

@@ -6,7 +6,7 @@ module.exports = {
 var debug = require('debug')('snyk:policy');
 var debugPolicy = require('debug')('snyk:protect');
 var semver = require('semver');
-var moduleToObject = require('snyk-module');
+var { parsePackageString: moduleToObject } = require('snyk-module');
 
 // matchPath will take the array of dependencies that a vulnerability came from
 // and try to match it to a string `path`. The path will look like this:

package.json

@@ -27,7 +27,7 @@
     "js-yaml": "^3.13.1",
     "lodash.clonedeep": "^4.5.0",
     "semver": "^6.0.0",
-    "snyk-module": "^1.9.1",
+    "snyk-module": "^2.0.2",
     "snyk-resolve": "^1.0.1",
     "snyk-try-require": "^1.3.1",
     "then-fs": "^2.0.0"