From 1dd376f479fe12de3597eb0af746500157f5b091 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 26 Mar 2022 00:49:46 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce
 vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk             | 12 ++++++++++++
 package-lock.json | 17 +++++++++++++++++
 package.json      | 12 +++++++-----
 3 files changed, 36 insertions(+), 5 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..798e67a
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,12 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - cheerio > lodash:
+        patched: '2022-03-26T00:49:34.370Z'
+    - sequelize > lodash:
+        patched: '2022-03-26T00:49:34.370Z'
+    - tedious > adal-node > async > lodash:
+        patched: '2022-03-26T00:49:34.370Z'
diff --git a/package-lock.json b/package-lock.json
index a30655f..0e62a2c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
       "license": "GPL-3.0",
       "dependencies": {
         "@discordjs/collection": "^0.1.3",
+        "@snyk/protect": "^1.883.0",
         "cheerio": "^1.0.0-rc.3",
         "discord-paginationembed": "github:gazmull/discord-paginationembed",
         "discord.js": "github:hydrabolt/discord.js",
@@ -217,6 +218,17 @@
         "node": ">=6"
       }
     },
+    "node_modules/@snyk/protect": {
+      "version": "1.883.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+      "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==",
+      "bin": {
+        "snyk-protect": "bin/snyk-protect"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@szmarczak/http-timer": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-1.1.2.tgz",
@@ -4365,6 +4377,11 @@
       "integrity": "sha512-9NET910DNaIPngYnLLPeg+Ogzqsi9uM4mSboU5y6p8S5DzMTVEsJZrawi+BoDNUVBa2DhJqQYUFvMDfgU062LQ==",
       "optional": true
     },
+    "@snyk/protect": {
+      "version": "1.883.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+      "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+    },
     "@szmarczak/http-timer": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-1.1.2.tgz",
diff --git a/package.json b/package.json
index 832528a..8f7f26a 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,9 @@
   "description": "Botstion4",
   "main": "boat.js",
   "scripts": {
-    "start": "node boat.js"
+    "start": "node boat.js",
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "repository": {
     "type": "git",
@@ -32,18 +34,18 @@
     "discord.js": "github:hydrabolt/discord.js",
     "express": "^4.17.1",
     "node-fetch": "^2.6.6",
-    "setimmediate": "^1.0.5"
-
+    "setimmediate": "^1.0.5",
+    "@snyk/protect": "latest"
   },
   "optionalDependencies": {
     "genius-lyrics": "^4.2.7",
     "shortcuts.js": "github:haykam821/Shortcuts.js",
-
     "sequelize": "^6.0.0",
     "mysql2": "^1.7.0",
     "pg": "^7.12.1",
     "pg-hstore": "^2.3.3",
     "sqlite3": "^4.1.0",
     "tedious": "^5.0.3"
-  }
+  },
+  "snyk": true
 }