From 913e30e1ae970b9907ab3de8f1d0e918fc2507e2 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 26 Mar 2022 02:37:35 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 12 ++++++++++++
 package-lock.json | 11 ++++++++---
 package.json | 12 ++++++++----
 3 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..f7c4d18
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - elasticsearch > lodash:
+ patched: '2022-03-26T02:37:30.933Z'
+ - tc-core-library-js > lodash:
+ patched: '2022-03-26T02:37:30.933Z'
+ - winston > async > lodash:
+ patched: '2022-03-26T02:37:30.933Z'
diff --git a/package-lock.json b/package-lock.json
index 4b72cb1..10463e7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -55,6 +55,11 @@
 }
 }
 },
+ "@snyk/protect": {
+ "version": "1.883.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+ "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+ },
 "@types/body-parser": {
 "version": "1.19.0",
 "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.0.tgz",
@@ -2231,9 +2236,9 @@
 }
 },
 "lodash": {
- "version": "4.17.19",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
- "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="
+ "version": "4.17.20",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+ "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
 },
 "lodash.clonedeep": {
 "version": "4.5.0",
diff --git a/package.json b/package.json
index 113ce55..9d735aa 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
 "hashmap": "^2.4.0",
 "http-aws-es": "^6.0.0",
 "informix-wrapper": "git+https://github.com/appirio-tech/informix-wrapper.git#less-logs",
- "lodash": "^4.17.19",
+ "lodash": "^4.17.20",
 "moment": "^2.26.0",
 "moment-timezone": "^0.5.28",
 "node-schedule": "^1.3.2",
@@ -28,7 +28,8 @@
 "underscore": "^1.10.2",
 "uuid": "^3.3.2",
 "winston": "^3.2.1",
- "yamljs": "^0.3.0"
+ "yamljs": "^0.3.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "standard": "^14.1.0"
@@ -38,8 +39,11 @@
 "lint": "standard",
 "lint:fix": "standard --fix",
 "init-es": "node src/scripts/init-es.js",
- "migrate": "node src/scripts/migration.js -- $MIGRATION"
+ "migrate": "node src/scripts/migration.js -- $MIGRATION",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "author": "TCSCODER",
- "license": ""
+ "license": "",
+ "snyk": true
 }
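Review bot: `"@snyk/protect": "latest"`, added in the `@@ -28,7 +28,8 @@` hunk of package.json, is a floating dist-tag on a package whose binary this same commit runs from the `prepare` lifecycle script, so the code executed at install time can change whenever the lockfile is regenerated. package-lock.json in this commit resolves it to 1.883.0, and the manifest should say the same: `"@snyk/protect": "1.883.0"` (or `"^1.883.0"` if minor updates are wanted). The `dependencies` object opens above this hunk; the entries visible here all use caret ranges or a git URL, so this would be the only tag-based one among them.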
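Review bot: The `prepare` script added in the `@@ -38,8 +39,11 @@` hunk is, as far as this commit shows, the only step that applies the `.snyk` patch for SNYK-JS-LODASH-567746, and npm skips lifecycle scripts without error when an install runs with `--ignore-scripts`. In that case the lodash copies under `elasticsearch`, `tc-core-library-js` and `winston > async` listed in `.snyk` would stay unpatched while the repository still looks remediated. If the build or deploy pipeline installs that way (not visible here), it should run `npm run snyk-protect` as an explicit step after install and check its result. The `scripts` object starts above this hunk.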