From 9505791eca8a7ac603a04335105f6cdc0846556c Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 5 Oct 2022 20:28:53 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 - https://snyk.io/vuln/SNYK-JS-BSON-561052 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-FSTREAM-174725 - https://snyk.io/vuln/SNYK-JS-GETOBJECT-1054932 - https://snyk.io/vuln/SNYK-JS-GRUNT-2635969 - https://snyk.io/vuln/SNYK-JS-GRUNT-2813632 - https://snyk.io/vuln/SNYK-JS-GRUNT-597546 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-MONGODB-473855 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688 - https://snyk.io/vuln/SNYK-JS-MPATH-1577289 - https://snyk.io/vuln/SNYK-JS-MQUERY-1050858 - https://snyk.io/vuln/SNYK-JS-MQUERY-1089718 - https://snyk.io/vuln/SNYK-JS-NCONF-2395478 - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834 - https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415 - https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-TAR-1536528 - https://snyk.io/vuln/SNYK-JS-TAR-1536531 - https://snyk.io/vuln/SNYK-JS-TAR-1536758 - https://snyk.io/vuln/SNYK-JS-TAR-1579147 - https://snyk.io/vuln/SNYK-JS-TAR-1579152 - 
https://snyk.io/vuln/SNYK-JS-TAR-1579155 - https://snyk.io/vuln/SNYK-JS-TAR-174125 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601 - https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:deep-extend:20180409 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:jasmine-core:20180216 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:tar:20151103 - https://snyk.io/vuln/npm:validator:20160218 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tough-cookie:20170905 - https://snyk.io/vuln/npm:uglify-js:20151024
---
 .snyk | 26 +++++++++++++++++++++++++-
 package.json | 42 +++++++++++++++++++++---------------------
 2 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/.snyk b/.snyk
index 45661bfbad..a1bcb12672 100644
--- a/.snyk
+++ b/.snyk
@@ -1,8 +1,32 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.12.0
+version: v1.25.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
 'npm:tunnel-agent:20170305':
 - phantomjs > request > tunnel-agent:
 patched: '2018-06-26T08:22:57.465Z'
+ 'npm:debug:20170905':
+ - socket.io > socket.io-adapter > socket.io-parser > debug:
+ patched: '2022-10-05T20:28:43.064Z'
+ 'npm:hoek:20180212':
+ - phantomjs > request > hawk > hoek:
+ patched: '2022-10-05T20:28:43.064Z'
+ - phantomjs > request > hawk > boom > hoek:
+ patched: '2022-10-05T20:28:43.064Z'
+ - phantomjs > request > hawk > sntp > hoek:
+ patched: '2022-10-05T20:28:43.064Z'
+ - phantomjs > request > hawk > cryptiles > boom > hoek:
+ patched: '2022-10-05T20:28:43.064Z'
+ 'npm:ms:20170412':
+ - socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2022-10-05T20:28:43.064Z'
+ 'npm:request:20160119':
+ - phantomjs > request:
+ patched: '2022-10-05T20:28:43.064Z'
+ 'npm:tough-cookie:20170905':
+ - phantomjs > request > tough-cookie:
+ patched: '2022-10-05T20:28:43.064Z'
+ 'npm:uglify-js:20151024':
+ - swig > uglify-js:
+ patched: '2022-10-05T20:28:43.064Z'
diff --git a/package.json b/package.json
index 0224e8e1eb..b5b5606803 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
 "start": "grunt",
 "test": "grunt test",
 "postinstall": "bower install --config.interactive=false",
- "snyk-protect": "snyk protect",
+ "snyk-protect": "snyk-protect",
 "prepare": "npm run snyk-protect"
 },
 "dependencies": {
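Review bot: In the `.snyk` hunk, the new `npm:debug:20170905` and `npm:ms:20170412` entries are keyed to the path `socket.io > socket.io-adapter > socket.io-parser > debug`, yet this same patch moves `socket.io` to `^3.0.0` and the commit message lists both ids as already fixed by upgrade. If the upgraded tree no longer contains that path the entries match nothing, and the policy file then claims a patch that is not in force; check the resolved tree after install and drop whichever entries no longer apply. The remaining entries only take effect when the `snyk-protect` script runs from `prepare`, so I would add a comment above `patch:` such as `# applied at install time by "npm run snyk-protect"; installs run with --ignore-scripts are NOT patched`.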
@@ -26,46 +26,46 @@
 "async": "^1.3.0",
 "body-parser": "^1.13.1",
 "bower": "^1.4.1",
- "cfenv": "~1.0.0",
- "chalk": "^1.1.0",
+ "cfenv": "~1.2.4",
+ "chalk": "^2.0.0",
 "compression": "^1.5.0",
 "connect-flash": "~0.1.1",
- "connect-mongo": "~0.8.1",
+ "connect-mongo": "~3.0.0",
 "consolidate": "~0.13.1",
 "cookie-parser": "^1.3.2",
 "crypto": "0.0.3",
 "express": "^4.13.1",
 "express-session": "^1.11.3",
- "forever": "~0.14.2",
+ "forever": "~4.0.0",
 "generate-password": "^1.1.1",
 "glob": "^5.0.13",
- "grunt": "0.4.5",
- "grunt-cli": "~0.1.13",
- "helmet": "~0.9.1",
- "jasmine-core": "^2.3.4",
- "lodash": "^3.10.0",
+ "grunt": "1.5.3",
+ "grunt-cli": "~1.3.0",
+ "helmet": "~3.8.2",
+ "jasmine-core": "^3.1.0",
+ "lodash": "^4.17.21",
 "method-override": "^2.3.3",
- "mocha": "~1.20.0",
- "mongoose": "^4.0.6",
+ "mocha": "~6.0.0",
+ "mongoose": "^5.13.15",
 "morgan": "^1.6.1",
- "multer": "0.1.8",
- "node-pre-gyp": "0.6.4",
- "nodemailer": "^1.4.0",
+ "multer": "1.0.0",
+ "node-pre-gyp": "0.8.0",
+ "nodemailer": "^6.6.1",
 "owasp-password-strength-test": "^1.3.0",
- "passport": "~0.2.2",
+ "passport": "~0.6.0",
 "passport-facebook": "^2.0.0",
- "passport-github": "~0.1.5",
+ "passport-github": "~1.0.0",
 "passport-google-oauth": "~0.2.0",
- "passport-linkedin": "~0.1.3",
+ "passport-linkedin": "~1.0.0",
 "passport-local": "^1.0.0",
 "passport-paypal-openidconnect": "^0.1.1",
 "passport-twitter": "^1.0.2",
 "phantomjs": ">=1.9.0",
 "serve-favicon": "^2.3.0",
- "socket.io": "^1.3.5",
+ "socket.io": "^3.0.0",
 "swig": "^1.4.2",
- "validator": "^3.41.2",
- "snyk": "^1.85.0"
+ "validator": "^13.7.0",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "grunt-concurrent": "^2.0.0",
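Review bot: `"@snyk/protect": "latest"` at the end of the `dependencies` block is a floating tag on a package whose binary the `prepare` script executes on every install, so whatever is published under that tag runs on developer and CI machines without review; pin it, e.g. `"@snyk/protect": "<PINNED_VERSION>"` (placeholder, pick the reviewed release), and commit a lockfile. The same hunk crosses major versions for `mongoose`, `socket.io`, `passport`, `helmet`, `validator`, `lodash`, `nodemailer` and `connect-mongo`, while the diffstat shows only `.snyk` and `package.json` changed, so no call site was adapted in this commit. Authentication, session-store and input-validation paths depend on several of these, so a green test run and a read of each changelog should gate the merge rather than the bot's summary. The `dependencies` object opens above this hunk, so entries outside it are not covered by this note.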