From a90c49cd49c22266a83ec741baa4f6f5d90b9a50 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 5 Oct 2022 22:10:17 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 8 ++++++++
 package-lock.json | 17 +++++++++++------
 package.json | 13 ++++++++-----
 3 files changed, 27 insertions(+), 11 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..86e9ef9
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - jubatus > lodash:
+ patched: '2022-10-05T22:10:12.909Z'
diff --git a/package-lock.json b/package-lock.json
index d956cbf..67d795c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,6 +4,11 @@
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
+ "@snyk/protect": {
+ "version": "1.1022.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1022.0.tgz",
+ "integrity": "sha512-ASix6hXE9b3lgWovJjpxkx6W57pyqsB67ISxQIomLUd+XHeDodnhM3nsHJwQj8hVRWZwoHoYmnZKy9DgUg0q8w=="
+ },
 "@types/bluebird": {
 "version": "3.5.20",
 "resolved": "https://registry.npmjs.org/@types/bluebird/-/bluebird-3.5.20.tgz",
@@ -108,14 +113,14 @@
 }
 },
 "lodash": {
- "version": "4.17.11",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
- "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg=="
+ "version": "4.17.21",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+ "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
 },
 "minimist": {
- "version": "1.2.0",
- "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz",
- "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ="
+ "version": "1.2.6",
+ "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+ "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q=="
 },
 "msgpack-lite": {
 "version": "0.1.26",
diff --git a/package.json b/package.json
index 1c17d61..7b4e43c 100644
--- a/package.json
+++ b/package.json
@@ -5,8 +5,9 @@
 "dependencies": {
 "bluebird": "^3.5.1",
 "jubatus": "^0.9.9",
- "lodash": "^4.17.11",
- "minimist": "^1.2.0"
+ "lodash": "^4.17.21",
+ "minimist": "^1.2.6",
+ "@snyk/protect": "latest"
 },
 "repository": {
 "type": "git",
@@ -31,7 +32,9 @@
 "typescript": "^2.8.3"
 },
 "scripts": {
- "prepare": "tsc",
- "start": "node ./dist/tutorial.js"
- }
+ "prepare": "npm run snyk-protect && tsc",
+ "start": "node ./dist/tutorial.js",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true
 }
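Review bot: The added `"@snyk/protect": "latest"` entry in `dependencies` uses a floating dist-tag, while the other entries in the same object carry semver ranges and package-lock.json in this commit records 1.1022.0 for it. Any resolution that does not go through that lockfile (regenerating the lock, or a consumer installing this package) picks up whatever is published under `latest` at that moment, and the second package.json hunk runs that binary from `prepare`. Since the tool modifies files under node_modules, I would pin it to the reviewed version, `"@snyk/protect": "1.1022.0"`, and bump it deliberately.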
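Review bot: The rewritten `prepare` script is the only place the .snyk patch for `jubatus > lodash` gets applied, so an install run with `--ignore-scripts` leaves that nested lodash unpatched with no error. Because of the `&&`, a failure in `snyk-protect` now also prevents `tsc` from running, so the build depends on the patch step succeeding. package.json cannot hold comments, so this belongs in the README, for example `After an install with --ignore-scripts, run "npm run snyk-protect" before building.` A CI step that checks which lodash version `jubatus` resolves to would make the result visible instead of assumed.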