From 0a3f6476b02951ce9163dcd778a3182a709d6e8f Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 24 Aug 2022 16:41:45 +0000 Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 - https://snyk.io/vuln/SNYK-JS-AXIOS-1579269 - https://snyk.io/vuln/SNYK-JS-AXIOS-174505 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-HTTPPROXY-569139 - https://snyk.io/vuln/SNYK-JS-JQUERY-174006 - https://snyk.io/vuln/SNYK-JS-JQUERY-565129 - https://snyk.io/vuln/SNYK-JS-JQUERY-567880 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/SNYK-JS-MOMENT-2944238 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688 - https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688 - https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1017036 - https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XLSX-1311137 - https://snyk.io/vuln/SNYK-JS-XLSX-1311139 - https://snyk.io/vuln/SNYK-JS-XLSX-1311141 - https://snyk.io/vuln/SNYK-JS-XLSX-585898 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/npm:braces:20180219 - 
https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:moment:20170905 - https://snyk.io/vuln/npm:ua-parser-js:20180227 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/npm:debug:20170905
---
 .snyk | 25 ++++++++++++++++++++++++-
 package.json | 24 ++++++++++++------------
 2 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/.snyk b/.snyk
index c454d525..077fe568 100644
--- a/.snyk
+++ b/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.12.0
+version: v1.25.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -21,9 +21,32 @@ patch:
 'npm:debug:20170905':
 - browser-sync > localtunnel > debug:
 patched: '2018-08-29T05:56:42.895Z'
+ - browser-sync > resp-modifier > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - mongoose-dbref > mongoose > mquery > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - browser-sync > chokidar > braces > snapdragon > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - browser-sync > chokidar > anymatch > micromatch > snapdragon > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - browser-sync > chokidar > anymatch > micromatch > braces > snapdragon > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - browser-sync > chokidar > anymatch > micromatch > extglob > snapdragon > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - browser-sync > chokidar > anymatch > micromatch > nanomatch > snapdragon > debug:
+ patched: '2022-08-24T16:41:40.153Z'
+ - browser-sync > chokidar > anymatch > micromatch > extglob > expand-brackets > snapdragon > debug:
+ patched: '2022-08-24T16:41:40.153Z'
 'npm:minimatch:20160620':
 - istanbul-harmony > fileset > minimatch:
 patched: '2018-08-29T05:56:42.895Z'
 'npm:uglify-js:20151024':
 - istanbul-harmony > handlebars > uglify-js:
 patched: '2018-08-29T05:56:42.895Z'
+ SNYK-JS-LODASH-567746:
+ - browser-sync > easy-extender > lodash:
+ patched: '2022-08-24T16:41:40.153Z'
+ - extract-text-webpack-plugin > async > lodash:
+ patched: '2022-08-24T16:41:40.153Z'
+ - mongoose-dbref > mongoose > async > lodash:
+ patched: '2022-08-24T16:41:40.153Z'
diff --git a/package.json b/package.json
index 2f294dd5..d4ccf4af 100644
--- a/package.json
+++ b/package.json
@@ -13,14 +13,14 @@
 "changelog": "conventional-changelog -p angular -i CHANGELOG.md -s",
 "production": "webpack --config webpack.production.config.js -p & cross-env NODE_ENV=production node app",
 "test-cov": "node node_modules/istanbul-harmony/lib/cli.js cover ./node_modules/mocha/bin/_mocha -- --timeout 500000 --recursive test/",
- "snyk-protect": "snyk protect",
+ "snyk-protect": "snyk-protect",
 "prepare": "npm run snyk-protect"
 },
 "dependencies": {
 "assert": "^2.0.0",
 "async": "^3.0.1",
 "body-parser": "~1.19.0",
- "browser-sync": "^2.26.3",
+ "browser-sync": "^2.27.8",
 "chai": "^4.0.2",
 "cheerio": "^0.22.0",
 "chokidar": "^3.0.0",
@@ -38,20 +38,20 @@
 "express": "~5.0.0-alpha.6",
 "express-ejs-layouts": "^2.2.0",
 "express-partials": "^0.3.0",
- "express-session": "^1.14.2",
+ "express-session": "^1.15.6",
 "extract-text-webpack-plugin": "^3.0.0",
 "file-loader": "^6.0.0",
 "formidable": "^1.0.17",
 "fs": "0.0.2",
 "http": "0.0.0",
 "istanbul-harmony": "^0.3.16",
- "jquery": "^3.1.1",
+ "jquery": "^3.5.0",
 "loadash": "1.0.0",
- "lodash": "^4.16.6",
+ "lodash": "^4.17.21",
 "mocha": "^7.0.1",
 "mochawesome": "^6.0.0",
- "moment": "^2.15.1",
- "mongoose": "5.9.17",
+ "moment": "^2.29.4",
+ "mongoose": "6.4.6",
 "mongoose-dbref": "0.0.4",
 "morgan": "~1.10.0",
 "multer": "^1.4.1",
@@ -59,7 +59,7 @@
 "npm-install-webpack-plugin": "^4.0.4",
 "paypal-rest-sdk": "^1.7.0",
 "reload": "^3.0.0",
- "resolve-url-loader": "^3.0.0",
+ "resolve-url-loader": "^3.1.2",
 "sass-loader": "^8.0.0",
 "serve-favicon": "~2.5.0",
 "style-loader": "^1.0.0",
@@ -68,13 +68,13 @@
 "url-loader": "^4.0.0",
 "webpack": "^4.25.1",
 "webpack-dev-middleware": "^3.4.0",
- "webpack-hot-middleware": "^2.24.3",
- "xls-to-json": "^0.5.0",
+ "webpack-hot-middleware": "^2.25.1",
+ "xls-to-json": "^2.1.1",
 "xls-to-json-lc": "^0.3.3",
 "xlsx": "^0.16.0",
 "xlsx-to-json-lc": "^0.5.0",
 "grunt": "~1.1.0",
- "snyk": "^2.0.0"
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "babel-core": "^6.18.2",
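Review bot: The `prepare` script in the @@ -13 hunk now runs the `snyk-protect` binary on every local install, and the package that provides it is declared as `"@snyk/protect": "latest"` in the @@ -68 hunk, so whichever version is current at install time executes in a lifecycle script without having been reviewed. Pin it to a vetted version or range instead, for example `"@snyk/protect": "<PINNED_VERSION>"` (placeholder; take the value from the release you have checked), and keep a lockfile committed if the project has one. The `.snyk` patch entries added in this commit only take effect when that script actually runs, so an install done with lifecycle scripts disabled keeps the unpatched transitive `debug` and `lodash` copies. The scripts and dependencies objects continue outside these hunks.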
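Review bot: The context line `"loadash": "1.0.0"` directly above the bumped `lodash` entry in the @@ -38 hunk is left in place, and its name is one letter away from `lodash`, which is the shape a mistyped or typosquatted dependency takes. The same hunk keeps `"fs": "0.0.2"` and `"http": "0.0.0"`, registry packages that share their names with Node core modules. Whether anything imports these cannot be seen from the hunk, so confirm they are unused and then delete the three lines, starting with `"loadash": "1.0.0",`. Until then each of them stays in the install set and is fetched from the registry on every fresh install.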
@@ -101,7 +101,7 @@
 "mocha": "^5.0.1",
 "mocha-lcov-reporter": "^1.2.0",
 "mochawesome": "^3.0.2",
- "mongoose": "^5.2.14",
+ "mongoose": "^6.4.6",
 "nodemon": "^2.0.0",
 "should": "^13.0.0",
 "superagent": "^3.5.2",
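Review bot: `mongoose` is now declared twice with different ranges, `"mongoose": "^6.4.6"` here in devDependencies and the exact `"mongoose": "6.4.6"` in dependencies (@@ -38 hunk), so the two entries can drift apart on the next update; the devDependencies line should be removed rather than bumped. The same duplication is visible for `mocha` and `mochawesome`, where the devDependencies ranges (`^5.0.1`, `^3.0.2`) are older majors than the dependencies ones. Separately, 5.x to 6.x is a major-version jump and the diffstat shows only `.snyk` and `package.json` changed, so application code has presumably not been adapted; run the test suite against Mongoose 6 before merging. The `.snyk` paths in this patch also suggest `mongoose-dbref` brings its own nested `mongoose`, which this bump would not replace. The devDependencies object continues outside the hunk.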