From 1507db5fdd334fcf796f9f1569d4cd6a2c6d1d39 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Wed, 26 Apr 2023 03:25:32 +0000 Subject: [PATCH] fix: test/fixtures/qs-package/node_modules/request/package.json & test/fixtures/qs-package/node_modules/request/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742 - https://snyk.io/vuln/SNYK-JS-HTTPPROXY-569139 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-KARMA-2395349 - https://snyk.io/vuln/SNYK-JS-KARMA-2396325 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:concat-stream:20160901 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:handlebars:20151207 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 - 
https://snyk.io/vuln/npm:shell-quote:20160621 - https://snyk.io/vuln/npm:uglify-js:20150824 - https://snyk.io/vuln/npm:uglify-js:20151024 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tough-cookie:20170905 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:uglify-js:20151024 - https://snyk.io/vuln/npm:ws:20160920
---
 .../qs-package/node_modules/request/.snyk | 94 +++++++++++++++++++
 .../node_modules/request/package.json | 30 +++---
 2 files changed, 111 insertions(+), 13 deletions(-)
 create mode 100644 test/fixtures/qs-package/node_modules/request/.snyk
diff --git a/test/fixtures/qs-package/node_modules/request/.snyk b/test/fixtures/qs-package/node_modules/request/.snyk
new file mode 100644
index 0000000000..23e10cd839
--- /dev/null
+++ b/test/fixtures/qs-package/node_modules/request/.snyk
@@ -0,0 +1,94 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - karma > connect > body-parser > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > compression > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > connect-timeout > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > express-session > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > morgan > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-index > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-static > send > debug:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:hoek:20180212':
+ - coveralls > request > hawk > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - coveralls > request > hawk > boom > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - coveralls > request > hawk > sntp > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-phantomjs-launcher > phantomjs > request > hawk > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - coveralls > request > hawk > cryptiles > boom > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-phantomjs-launcher > phantomjs > request > hawk > boom > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-phantomjs-launcher > phantomjs > request > hawk > sntp > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-phantomjs-launcher > phantomjs > request > hawk > cryptiles > boom > hoek:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:mime:20170907':
+ - karma > connect > serve-static > send > mime:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:minimatch:20160620':
+ - karma-coverage > ibrik > istanbul > fileset > minimatch:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:ms:20170412':
+ - karma > connect > connect-timeout > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > body-parser > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > compression > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > connect-timeout > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > express-session > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > morgan > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-index > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-static > send > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-static > send > debug > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-favicon > ms:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:negotiator:20160616':
+ - karma > connect > compression > accepts > negotiator:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma > connect > serve-index > accepts > negotiator:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:request:20160119':
+ - karma-phantomjs-launcher > phantomjs > request:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:tough-cookie:20170905':
+ - karma-phantomjs-launcher > phantomjs > request > tough-cookie:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:tunnel-agent:20170305':
+ - coveralls > request > tunnel-agent:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-phantomjs-launcher > phantomjs > request > tunnel-agent:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:uglify-js:20151024':
+ - browserify > umd > ruglify > uglify-js:
+ patched: '2023-04-26T03:25:27.609Z'
+ - browserify > browser-pack > umd > ruglify > uglify-js:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-browserify > watchify > browserify > umd > ruglify > uglify-js:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-browserify > watchify > browserify > browser-pack > umd > ruglify > uglify-js:
+ patched: '2023-04-26T03:25:27.609Z'
+ - karma-browserify > watchify > browserify > umd > uglify-js:
+ patched: '2023-04-26T03:25:27.609Z'
+ 'npm:ws:20160920':
+ - karma > socket.io > socket.io-client > ws:
+ patched: '2023-04-26T03:25:27.609Z'
diff --git a/test/fixtures/qs-package/node_modules/request/package.json b/test/fixtures/qs-package/node_modules/request/package.json
index 61ad6ee4d4..6e2dff1d59 100644
--- a/test/fixtures/qs-package/node_modules/request/package.json
+++ b/test/fixtures/qs-package/node_modules/request/package.json
@@ -67,27 +67,28 @@
 "qs": "~3.1.0",
 "stringstream": "~0.0.4",
 "tough-cookie": ">=0.12.0",
- "tunnel-agent": "~0.4.0"
+ "tunnel-agent": "~0.4.0",
+ "@snyk/protect": "latest"
 },
 "description": "Simplified HTTP request client.",
 "devDependencies": {
 "bluebird": "~2.9.21",
- "browserify": "~5.9.1",
- "browserify-istanbul": "~0.1.3",
+ "browserify": "~12.0.0",
+ "browserify-istanbul": "~2.0.0",
 "buffer-equal": "0.0.1",
- "coveralls": "~2.11.2",
- "eslint": "0.18.0",
+ "coveralls": "~2.13.2",
+ "eslint": "1.9.0",
 "function-bind": "~1.0.0",
- "istanbul": "~0.3.2",
- "karma": "~0.12.21",
- "karma-browserify": "~3.0.1",
+ "istanbul": "~0.4.5",
+ "karma": "~6.3.16",
+ "karma-browserify": "~5.3.0",
 "karma-cli": "0.0.4",
- "karma-coverage": "0.2.6",
- "karma-phantomjs-launcher": "~0.1.4",
+ "karma-coverage": "2.0.2",
+ "karma-phantomjs-launcher": "~0.2.0",
 "karma-tap": "~1.0.1",
 "rimraf": "~2.2.8",
 "server-destroy": "~1.0.0",
- "tape": "~3.0.0",
+ "tape": "~4.0.0",
 "taper": "~0.4.0"
 },
 "directories": {},
@@ -130,7 +131,9 @@
 "scripts": {
 "lint": "node node_modules/.bin/eslint lib/ *.js tests/ && echo Lint passed.",
 "test": "npm run lint && node node_modules/.bin/taper tests/test-*.js && npm run test-browser",
- "test-browser": "node tests/browser/start.js"
+ "test-browser": "node tests/browser/start.js",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "tags": [
 "http",
@@ -138,5 +141,6 @@
 "util",
 "utility"
 ],
- "version": "2.57.0"
+ "version": "2.57.0",
+ "snyk": true
 }
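Review bot: `"@snyk/protect": "latest"` in `dependencies` (first package.json hunk) is an unpinned tag, so each install resolves whatever version is published at that moment, and the `prepublish` script added in the `@@ -130,7 +131,9 @@` hunk then executes that package's `snyk-protect` binary. Pin it to a reviewed exact version, e.g. `"@snyk/protect": "<PINNED_VERSION>"`, so that a new or compromised release cannot run in the install path unreviewed. `prepublish` is deprecated in current npm and also runs on a plain local `npm install`; the hook that @snyk/protect documents is `"prepare": "npm run snyk-protect"`. The manifest sits under `test/fixtures/qs-package/node_modules/`, so it appears to be a vendored test fixture: confirm that these dependency entries are ever installed, and that tests reading the fixture still pass, before accepting the rewrite.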