From 4e2b65bd029ed726d26d7ddff8fe220ab2312770 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Thu, 13 Jan 2022 14:09:35 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-CODECOV-543183 - https://snyk.io/vuln/SNYK-JS-CODECOV-548879 - https://snyk.io/vuln/SNYK-JS-CODECOV-585979 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-590103 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:eslint:20180222 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:tunnel-agent:20170305 --- .snyk | 33 +++++++++++++++++++++++++++++++++ package.json | 22 +++++++++++++--------- 2 files changed, 46 insertions(+), 9 deletions(-) create mode 100644 .snyk 
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..a4b77a5b3
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,33 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - karma > socket.io > socket.io-adapter > socket.io-parser > debug:
+ patched: '2022-01-13T14:09:31.728Z'
+ 'npm:hoek:20180212':
+ - codecov > request > hawk > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - coveralls > request > hawk > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - codecov > request > hawk > boom > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - coveralls > request > hawk > boom > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - codecov > request > hawk > sntp > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - coveralls > request > hawk > sntp > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - codecov > request > hawk > cryptiles > boom > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ - coveralls > request > hawk > cryptiles > boom > hoek:
+ patched: '2022-01-13T14:09:31.728Z'
+ 'npm:ms:20170412':
+ - karma > socket.io > socket.io-adapter > socket.io-parser > debug > ms:
+ patched: '2022-01-13T14:09:31.728Z'
+ 'npm:tunnel-agent:20170305':
+ - codecov > request > tunnel-agent:
+ patched: '2022-01-13T14:09:31.728Z'
+ - coveralls > request > tunnel-agent:
+ patched: '2022-01-13T14:09:31.728Z'
diff --git a/package.json b/package.json
index 58090fa22..53e6bd92a 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
 "extend": "~3.0.1",
 "forever-agent": "~0.6.1",
 "form-data": "~2.3.1",
- "har-validator": "~5.0.3",
+ "har-validator": "~5.1.3",
 "hawk": "~6.0.2",
 "http-signature": "~1.2.0",
 "is-typedarray": "~1.0.0",
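Review bot: Every path under `patch:` in the new .snyk file starts at karma, codecov or coveralls, which the package.json part of this same commit bumps to new major versions, so these entries were presumably computed against the pre-upgrade dependency tree. If the upgraded tools no longer pull in `request > hawk > hoek` or `socket.io-parser > debug` along these paths, snyk-protect would likely find nothing to patch, leaving the policy as dead configuration while the commit message still lists those issues as patched. Re-run the scan against the installed, upgraded tree and keep only the entries that still resolve. A header comment such as `# all patched paths are dev-tool transitive dependencies; regenerate after upgrading karma/codecov/coveralls` would make that scope clear to the next reader.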
@@ -48,34 +48,37 @@
 "stringstream": "~0.0.5",
 "tough-cookie": "~2.3.3",
 "tunnel-agent": "^0.6.0",
- "uuid": "^3.1.0"
+ "uuid": "^3.1.0",
+ "@snyk/protect": "latest"
 },
 "scripts": {
 "test": "npm run lint && npm run test-ci && npm run test-browser",
 "test-ci": "taper tests/test-*.js",
 "test-cov": "istanbul cover tape tests/test-*.js",
 "test-browser": "node tests/browser/start.js",
- "lint": "standard"
+ "lint": "standard",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "devDependencies": {
 "bluebird": "^3.2.1",
 "browserify": "^13.0.1",
 "browserify-istanbul": "^2.0.0",
 "buffer-equal": "^1.0.0",
- "codecov": "^2.0.2",
- "coveralls": "^2.11.4",
+ "codecov": "^3.7.1",
+ "coveralls": "^3.0.0",
 "function-bind": "^1.0.2",
 "istanbul": "^0.4.0",
- "karma": "^1.1.1",
+ "karma": "^6.0.0",
 "karma-browserify": "^5.0.1",
 "karma-cli": "^1.0.0",
- "karma-coverage": "^1.0.0",
+ "karma-coverage": "^2.0.2",
 "karma-phantomjs-launcher": "^1.0.0",
 "karma-tap": "^3.0.1",
 "phantomjs-prebuilt": "^2.1.3",
 "rimraf": "^2.2.8",
 "server-destroy": "^1.0.1",
- "standard": "^9.0.0",
+ "standard": "^13.0.0",
 "tape": "^4.6.0",
 "taper": "^0.5.0"
 },
@@ -84,5 +87,6 @@
 "hawk",
 "har-validator"
 ]
- }
+ },
+ "snyk": true
 }
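Review bot: `"@snyk/protect": "latest"` is added under `dependencies`, so every consumer of this package would install an unpinned, floating release of a tool that rewrites files in node_modules, even though every path in the new .snyk policy runs through devDependencies (karma, codecov, coveralls). Move it to `devDependencies` and pin it, e.g. `"@snyk/protect": "<pinned-version>"`, so a compromised or breaking publish cannot reach installs unreviewed. The `prepublish` hook is also worth reconsidering: patches applied to the local node_modules are not, as far as this hunk shows, part of what gets published, and on older npm clients `prepublish` also runs on a plain `npm install`. Separately, the jumps to `karma` ^6.0.0 and `standard` ^13.0.0 cross several majors with no test or lint changes in the commit, and `test` runs `npm run lint` first, so the full `npm test` should be run before merging.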