From 7fb2270e8f25134af187ab258adaf71cca88ac2b Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Mon, 17 Jan 2022 13:35:17 +0000
Subject: [PATCH] fix: deps/npm/package.json & deps/npm/.snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://snyk.io/vuln/SNYK-JS-SSRI-1246392
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:chownr:20180731
- https://snyk.io/vuln/npm:mem:20180117
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
---
 deps/npm/.snyk | 8 ++++++++
 deps/npm/package.json | 33 ++++++++++++++++++---------------
 2 files changed, 26 insertions(+), 15 deletions(-)
 create mode 100644 deps/npm/.snyk
diff --git a/deps/npm/.snyk b/deps/npm/.snyk
new file mode 100644
index 00000000000000..ac2cbc70a21e4e
--- /dev/null
+++ b/deps/npm/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:lodash:20180130':
+ - cli-table2 > lodash:
+ patched: '2022-01-17T13:35:11.264Z'
diff --git a/deps/npm/package.json b/deps/npm/package.json
index fb2b04c1b5c60f..d4b8dc7236567e 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -35,16 +35,16 @@
 "dependencies": {
 "JSONStream": "~1.3.1",
 "abbrev": "~1.1.1",
- "ansi-regex": "~3.0.0",
+ "ansi-regex": "~5.0.1",
 "ansicolors": "~0.3.2",
 "ansistyles": "~0.1.3",
 "aproba": "~1.2.0",
 "archy": "~1.0.0",
 "bin-links": "^1.1.0",
 "bluebird": "~3.5.1",
- "cacache": "~10.0.1",
+ "cacache": "~11.0.1",
 "call-limit": "~1.1.0",
- "chownr": "~1.0.1",
+ "chownr": "~1.1.0",
 "cli-table2": "~0.2.0",
 "cmd-shim": "~2.0.2",
 "columnify": "~1.5.4",
@@ -59,7 +59,7 @@
 "glob": "~7.1.2",
 "graceful-fs": "~4.1.11",
 "has-unicode": "~2.0.1",
- "hosted-git-info": "~2.5.0",
+ "hosted-git-info": "~2.8.9",
 "iferr": "~0.1.5",
 "inflight": "~1.0.6",
 "inherits": "~2.0.3",
@@ -67,7 +67,7 @@
 "init-package-json": "~1.10.1",
 "is-cidr": "~1.0.0",
 "lazy-property": "~1.0.0",
- "libnpx": "~9.7.1",
+ "libnpx": "~10.2.4",
 "lockfile": "~1.0.3",
 "lodash._baseuniq": "~4.6.0",
 "lodash.clonedeep": "~4.5.0",
@@ -83,17 +83,17 @@
 "normalize-package-data": "~2.4.0",
 "npm-cache-filename": "~1.0.2",
 "npm-install-checks": "~3.0.0",
- "npm-lifecycle": "~2.0.0",
+ "npm-lifecycle": "~2.1.1",
 "npm-package-arg": "~6.0.0",
 "npm-packlist": "~1.1.10",
- "npm-profile": "~2.0.5",
+ "npm-profile": "~3.0.2",
 "npm-registry-client": "~8.5.0",
 "npm-user-validate": "~1.0.0",
 "npmlog": "~4.1.2",
 "once": "~1.4.0",
 "opener": "~1.4.3",
 "osenv": "~0.1.4",
- "pacote": "^7.0.2",
+ "pacote": "^8.0.0",
 "path-is-inside": "~1.0.2",
 "promise-inflight": "~1.0.1",
 "qrcode-terminal": "~0.11.0",
@@ -105,7 +105,7 @@
 "read-package-json": "~2.0.12",
 "read-package-tree": "~5.1.6",
 "readable-stream": "~2.3.3",
- "request": "~2.83.0",
+ "request": "~2.88.0",
 "retry": "~0.10.1",
 "rimraf": "~2.6.2",
 "safe-buffer": "~5.1.1",
@@ -115,20 +115,21 @@
 "sorted-object": "~2.0.1",
 "sorted-union-stream": "~2.1.3",
 "ssri": "~5.0.0",
- "strip-ansi": "~4.0.0",
+ "strip-ansi": "~6.0.0",
 "tar": "^4.0.2",
 "text-table": "~0.2.0",
 "uid-number": "0.0.6",
 "umask": "~1.1.0",
 "unique-filename": "~1.1.0",
 "unpipe": "~1.0.0",
- "update-notifier": "~2.3.0",
+ "update-notifier": "~4.0.0",
 "uuid": "~3.1.0",
 "validate-npm-package-name": "~3.0.0",
 "which": "~1.3.0",
 "worker-farm": "~1.5.1",
 "wrappy": "~1.0.2",
- "write-file-atomic": "~2.1.0"
+ "write-file-atomic": "~2.1.0",
+ "@snyk/protect": "latest"
 },
 "bundleDependencies": [
 "abbrev",
@@ -252,14 +253,16 @@
 },
 "scripts": {
 "dumpconf": "env | grep npm | sort | uniq",
- "prepare": "node bin/npm-cli.js --no-timing prune --prefix=. --no-global && rimraf test/*/*/node_modules && make -j4 doc",
+ "prepare": "npm run snyk-protect && node bin/npm-cli.js --no-timing prune --prefix=. --no-global && rimraf test/*/*/node_modules && make -j4 doc",
 "preversion": "bash scripts/update-authors.sh && git add AUTHORS && git commit -m \"update AUTHORS\" || true",
 "tap": "tap --timeout 300",
 "tap-cover": "tap --nyc-arg='--cache' --coverage --timeout 600",
 "test": "standard && npm run test-tap",
 "test-coverage": "npm run tap-cover -- \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-*/*.js\"",
 "test-tap": "npm run tap -- \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-*/*.js\"",
- "test-node": "tap --timeout 240 \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-nyc*/*.js\""
+ "test-node": "tap --timeout 240 \"test/tap/*.js\" \"test/network/*.js\" \"test/broken-under-nyc*/*.js\"",
+ "snyk-protect": "snyk-protect"
 },
- "license": "Artistic-2.0"
+ "license": "Artistic-2.0",
+ "snyk": true
 }
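Review bot: The added `"@snyk/protect": "latest"` at the end of the `dependencies` block (hunk `@@ -115,20 +115,21 @@`) is the only unpinned entry in a list where everything else carries a tilde, caret or exact range, so whatever version is published at install time is resolved and then executed by the `prepare` script. Pin it to an exact, reviewed version, and since it appears to be used only by the build-time `snyk-protect` script, declare it under `devDependencies` rather than as a runtime dependency, e.g. `"@snyk/protect": "<reviewed-version>"`. Separately, the commit message lists SNYK-JS-TAR-* and SNYK-JS-SSRI-1246392 as fixed by upgrade, yet `"tar": "^4.0.2"` and `"ssri": "~5.0.0"` are unchanged context lines here and the diffstat touches only two files; those fixes presumably depend on how the ranges resolve, which is worth confirming against the tree that is actually shipped, given the `bundleDependencies` list that follows. The `dependencies` object opens outside this hunk.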
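Review bot: Prefixing `prepare` with `npm run snyk-protect &&` (hunk `@@ -252,14 +253,16 @@`) makes every run of the prepare lifecycle execute a third-party binary that rewrites files under `node_modules`, and because of the `&&` chain a failure or absence of that tool stops the prune and doc build that follow. The lodash fix recorded in `.snyk` is a patch rather than an upgrade, so it is in effect only in trees where this script has actually run; a copy that is bundled or vendored without running `prepare` would keep the unpatched lodash. Consider leaving `prepare` as it was and running the patch step explicitly in CI, or resolving the finding by moving `cli-table2` to a release with a fixed lodash. The `scripts` object opens on a context line of this hunk, but the enclosing package object starts outside it.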