From 939c60504f3c3f07db28b071d0e89a2911b74fff Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 6 Oct 2022 15:28:28 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce
 vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk             | 32 ++++++++++++++++++
 package-lock.json |  5 +++
 package.json      | 86 +++++++++++++++++++++++++----------------------
 3 files changed, 82 insertions(+), 41 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..cf80600
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,32 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - '@testing-library/jest-dom > lodash':
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > @babel/core > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > eslint > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > eslint-plugin-flowtype > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > html-webpack-plugin > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > webpack-manifest-plugin > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-snapshot > http-proxy-middleware > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > @typescript-eslint/parser > @typescript-eslint/typescript-estree > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > eslint > table > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > optimize-css-assets-webpack-plugin > last-call-webpack-plugin > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > react-dev-utils > inquirer > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > webpack-dev-server > http-proxy-middleware > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
+    - react-scripts > webpack-dev-server > portfinder > async > lodash:
+        patched: '2022-10-06T15:28:14.141Z'
diff --git a/package-lock.json b/package-lock.json
index 815cb5d..024851c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3381,6 +3381,11 @@
       "resolved": "https://registry.npmjs.org/@sheerun/mutationobserver-shim/-/mutationobserver-shim-0.3.3.tgz",
       "integrity": "sha512-DetpxZw1fzPD5xUBrIAoplLChO2VB8DlL5Gg+I1IR9b2wPqYIca2WSUxL5g1vLeR4MsQq1NeWriXAVffV+U1Fw=="
     },
+    "@snyk/protect": {
+      "version": "1.1023.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1023.0.tgz",
+      "integrity": "sha512-eKK+/iphDy+r/swvRKX4sBuVY8AEpSOFY0EbUIL7GHdA83UXI5GtW8YCWYRT2BAzUZLiQJ8qmA/nuSwsjXI6pg=="
+    },
     "@svgr/babel-plugin-add-jsx-attribute": {
       "version": "4.2.0",
       "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-4.2.0.tgz",
diff --git a/package.json b/package.json
index 11e102e..4a924ae 100644
--- a/package.json
+++ b/package.json
@@ -1,43 +1,47 @@
 {
-	"homepage": "https://git-co-commit.github.io",
-	"name": "git-co-commit-docs",
-	"version": "0.1.0",
-	"private": true,
-	"dependencies": {
-		"@testing-library/jest-dom": "^4.2.4",
-		"@testing-library/react": "^9.3.2",
-		"@testing-library/user-event": "^7.1.2",
-		"react": "^16.13.1",
-		"react-dom": "^16.13.1",
-		"react-router": "^5.2.0",
-		"react-router-dom": "^5.2.0",
-		"react-scripts": "3.4.3",
-		"react-snapshot": "^1.3.0"
-	},
-	"scripts": {
-		"start": "react-scripts start",
-		"build": "react-scripts build && react-snapshot",
-		"test": "react-scripts test",
-		"eject": "react-scripts eject",
-		"predeploy": "npm run build",
-		"deploy": "gh-pages -d build"
-	},
-	"eslintConfig": {
-		"extends": "react-app"
-	},
-	"browserslist": {
-		"production": [
-			">0.2%",
-			"not dead",
-			"not op_mini all"
-		],
-		"development": [
-			"last 1 chrome version",
-			"last 1 firefox version",
-			"last 1 safari version"
-		]
-	},
-	"devDependencies": {
-		"gh-pages": "^3.1.0"
-	}
+  "homepage": "https://git-co-commit.github.io",
+  "name": "git-co-commit-docs",
+  "version": "0.1.0",
+  "private": true,
+  "dependencies": {
+    "@testing-library/jest-dom": "^4.2.4",
+    "@testing-library/react": "^9.3.2",
+    "@testing-library/user-event": "^7.1.2",
+    "react": "^16.13.1",
+    "react-dom": "^16.13.1",
+    "react-router": "^5.2.0",
+    "react-router-dom": "^5.2.0",
+    "react-scripts": "3.4.3",
+    "react-snapshot": "^1.3.0",
+    "@snyk/protect": "latest"
+  },
+  "scripts": {
+    "start": "react-scripts start",
+    "build": "react-scripts build && react-snapshot",
+    "test": "react-scripts test",
+    "eject": "react-scripts eject",
+    "predeploy": "npm run build",
+    "deploy": "gh-pages -d build",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "eslintConfig": {
+    "extends": "react-app"
+  },
+  "browserslist": {
+    "production": [
+      ">0.2%",
+      "not dead",
+      "not op_mini all"
+    ],
+    "development": [
+      "last 1 chrome version",
+      "last 1 firefox version",
+      "last 1 safari version"
+    ]
+  },
+  "devDependencies": {
+    "gh-pages": "^3.1.0"
+  },
+  "snyk": true
 }