From ea77ca09ea32ecdd6d2edff312fc071f120e1185 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 29 Mar 2024 16:31:50 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962463
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-DICER-2311764
- https://snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257
- https://snyk.io/vuln/SNYK-JS-EJS-1049328
- https://snyk.io/vuln/SNYK-JS-EJS-2803307
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://snyk.io/vuln/SNYK-JS-KERBEROS-568900
- https://snyk.io/vuln/SNYK-JS-KINDOF-537849
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721
- https://snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://snyk.io/vuln/SNYK-JS-MQUERY-1050858
- https://snyk.io/vuln/SNYK-JS-MQUERY-1089718
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
- https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-TYPEORM-590152
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602
- https://snyk.io/vuln/SNYK-JS-XML2JS-5414874
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:adm-zip:20180415
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:dustjs-linkedin:20160819
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:ejs:20161130
- https://snyk.io/vuln/npm:ejs:20161130-1
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mem:20180117
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:mongoose:20160116
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20140206
- https://snyk.io/vuln/npm:st:20171013


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk        | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 package.json | 52 ++++++++++++++++++++++++++++------------------------
 2 files changed, 80 insertions(+), 24 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000..8c28f44d1f
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,52 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - tap > nyc > istanbul-lib-instrument > babel-types > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: tap > nyc > istanbul-lib-instrument > babel-types > lodash
+    - tap > nyc > istanbul-lib-instrument > babel-generator > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: tap > nyc > istanbul-lib-instrument > babel-generator > lodash
+    - tap > nyc > istanbul-lib-instrument > babel-traverse > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: tap > nyc > istanbul-lib-instrument > babel-traverse > lodash
+    - tap > nyc > istanbul-lib-instrument > babel-template > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: tap > nyc > istanbul-lib-instrument > babel-template > lodash
+    - tap > nyc > istanbul-lib-instrument > babel-generator > babel-types > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: >-
+          tap > nyc > istanbul-lib-instrument > babel-generator > babel-types >
+          lodash
+    - tap > nyc > istanbul-lib-instrument > babel-traverse > babel-types > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: >-
+          tap > nyc > istanbul-lib-instrument > babel-traverse > babel-types >
+          lodash
+    - tap > nyc > istanbul-lib-instrument > babel-template > babel-types > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: >-
+          tap > nyc > istanbul-lib-instrument > babel-template > babel-types >
+          lodash
+    - tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: >-
+          tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse
+          > lodash
+    - tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse > babel-types > lodash:
+        patched: '2024-03-29T16:31:43.173Z'
+        id: SNYK-JS-LODASH-567746
+        path: >-
+          tap > nyc > istanbul-lib-instrument > babel-template > babel-traverse
+          > babel-types > lodash
diff --git a/package.json b/package.json
index 755181715a..02c55a51fe 100644
--- a/package.json
+++ b/package.json
@@ -12,46 +12,50 @@
     "start": "NODE_OPTIONS=--openssl-legacy-provider node app.js",
     "build": "browserify -r jquery > public/js/bundle.js",
     "cleanup": "mongo express-todo --eval 'db.todos.remove({});'",
-    "test": "snyk test"
+    "test": "snyk test",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "dependencies": {
-    "adm-zip": "0.4.11",
-    "body-parser": "1.9.0",
-    "cfenv": "^1.0.4",
+    "adm-zip": "0.5.2",
+    "body-parser": "1.19.2",
+    "cfenv": "^1.2.4",
     "consolidate": "0.14.5",
     "dustjs-helpers": "1.5.0",
-    "dustjs-linkedin": "2.5.0",
-    "ejs": "1.0.0",
+    "dustjs-linkedin": "3.0.0",
+    "ejs": "3.1.7",
     "ejs-locals": "1.0.2",
-    "errorhandler": "1.2.0",
-    "express": "4.12.4",
-    "express-fileupload": "0.0.5",
+    "errorhandler": "1.4.3",
+    "express": "4.19.2",
+    "express-fileupload": "1.1.10",
     "express-session": "^1.17.2",
     "file-type": "^8.1.0",
-    "hbs": "^4.0.4",
-    "humanize-ms": "1.0.1",
-    "jquery": "^2.2.4",
-    "lodash": "4.17.4",
-    "marked": "0.3.5",
+    "hbs": "^4.1.2",
+    "humanize-ms": "1.2.1",
+    "jquery": "^3.5.0",
+    "lodash": "4.17.21",
+    "marked": "4.0.10",
     "method-override": "latest",
-    "moment": "2.15.1",
+    "moment": "2.29.2",
     "mongodb": "^3.5.9",
-    "mongoose": "4.2.4",
+    "mongoose": "5.13.20",
     "morgan": "latest",
-    "ms": "^0.7.1",
+    "ms": "^2.0.0",
     "mysql": "^2.18.1",
-    "npmconf": "0.0.24",
+    "npmconf": "2.1.3",
     "optional": "^0.1.3",
-    "st": "0.2.4",
+    "st": "1.2.2",
     "stream-buffers": "^3.0.1",
-    "tap": "^11.1.3",
-    "typeorm": "^0.2.24",
-    "validator": "^13.5.2"
+    "tap": "^18.0.0",
+    "typeorm": "^0.3.18",
+    "validator": "^13.7.0",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
     "browserify": "^13.1.1",
     "nodemon": "^2.0.7",
-    "snyk": "^1.244.0"
+    "snyk": "^1.1286.2"
   },
-  "license": "Apache-2.0"
+  "license": "Apache-2.0",
+  "snyk": true
 }