From 35a7bd389e3eea48ace25c7edabd392335c03355 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 1 Jan 2020 23:32:03 +0000 Subject: [PATCH] fix: test/fixtures/demo-os/package.json & test/fixtures/demo-os/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988 - https://snyk.io/vuln/SNYK-JS-KNEX-471962 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:fresh:20170908 - https://snyk.io/vuln/npm:handlebars:20151207 - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:knex:20150413 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:moment:20160126 - https://snyk.io/vuln/npm:moment:20161019 - https://snyk.io/vuln/npm:moment:20170905 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:node-uuid:20160328 - https://snyk.io/vuln/npm:qs:20170213 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:validator:20160218 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- test/fixtures/demo-os/.snyk | 14 ++++++++++ test/fixtures/demo-os/package.json | 44 ++++++++++++++++-------------- 2 files changed, 38 insertions(+), 20 deletions(-) create mode 100644 test/fixtures/demo-os/.snyk 
diff --git a/test/fixtures/demo-os/.snyk b/test/fixtures/demo-os/.snyk
new file mode 100644
index 0000000000..d262fde81f
--- /dev/null
+++ b/test/fixtures/demo-os/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:hoek:20180212':
+ - sqlite3 > node-pre-gyp > hawk > hoek:
+ patched: '2020-01-01T23:31:58.941Z'
+ - sqlite3 > node-pre-gyp > hawk > boom > hoek:
+ patched: '2020-01-01T23:31:58.941Z'
+ - sqlite3 > node-pre-gyp > hawk > sntp > hoek:
+ patched: '2020-01-01T23:31:58.941Z'
+ - sqlite3 > node-pre-gyp > hawk > cryptiles > boom > hoek:
+ patched: '2020-01-01T23:31:58.941Z'
diff --git a/test/fixtures/demo-os/package.json b/test/fixtures/demo-os/package.json
index 164737a469..c16a3fca8e 100644
--- a/test/fixtures/demo-os/package.json
+++ b/test/fixtures/demo-os/package.json
@@ -19,7 +19,9 @@
 "main": "./core/index",
 "scripts": {
 "start": "node index",
- "test": "grunt validate --verbose"
+ "test": "grunt validate --verbose",
+ "snyk-protect": "snyk protect",
+ "prepublish": "npm run snyk-protect"
 },
 "engines": {
 "node": "~0.10.0 || ~0.12.0",
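Review bot: The four `patch` paths in the new `.snyk` file are all rooted at `sqlite3 > node-pre-gyp > hawk`, yet the same commit moves `sqlite3` from 3.0.8 to 4.0.0, so these paths may no longer match the installed tree. The commit message also lists `npm:hoek:20180212` under both "fixed with an upgrade" and "fixed with a Snyk patch", which leaves it unclear which mechanism actually covers it. Before merging, check the resolved tree with `npm ls hoek` and drop any path that no longer exists, so the policy file does not claim a patch that is never applied. If the entries stay, a comment such as `# remove once sqlite3 no longer pulls hawk > hoek` above `patch:` would tell the next maintainer when they can go.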
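Review bot: The new `prepublish` script in the `scripts` hunk of package.json makes `snyk protect` run on every plain `npm install` in this directory, not only on publish, because npm runs `prepublish` for local installs too. Each install then rewrites files under `node_modules` according to `.snyk`, so the installed code no longer matches the published tarballs, and the build depends on the Snyk CLI and, presumably, on its patch source being reachable. I would keep `"snyk-protect": "snyk protect"` but drop `"prepublish": "npm run snyk-protect"` and call `npm run snyk-protect` as an explicit, logged CI step whose failure fails the build. package.json cannot hold comments, so the reason for the step belongs in the README or the CI configuration.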
@@ -28,40 +30,41 @@
 "dependencies": {
 "bcryptjs": "2.1.0",
 "bluebird": "2.9.27",
- "body-parser": "1.12.4",
- "bookshelf": "0.7.9",
+ "body-parser": "1.18.2",
+ "bookshelf": "0.10.0",
 "busboy": "0.2.9",
 "chalk": "1.0.0",
- "cheerio": "0.18.0",
- "compression": "1.4.4",
+ "cheerio": "0.20.0",
+ "compression": "1.7.1",
 "connect-slashes": "1.3.1",
- "cookie-session": "1.1.0",
+ "cookie-session": "1.3.2",
 "downsize": "0.0.8",
- "express": "4.12.4",
- "express-hbs": "0.8.4",
+ "express": "4.16.0",
+ "express-hbs": "1.0.2",
 "extract-zip": "1.0.3",
 "fs-extra": "0.18.4",
- "glob": "4.3.2",
+ "glob": "5.0.15",
 "html-to-text": "1.3.0",
- "knex": "0.7.3",
- "lodash": "2.4.1",
- "moment": "2.10.3",
- "morgan": "1.5.3",
- "node-uuid": "1.4.3",
- "nodemailer": "0.7.1",
+ "knex": "0.19.5",
+ "lodash": "4.17.12",
+ "moment": "2.19.3",
+ "morgan": "1.9.1",
+ "node-uuid": "1.4.6",
+ "nodemailer": "1.0.0",
 "oauth2orize": "1.0.1",
 "passport": "0.2.2",
 "passport-http-bearer": "1.0.1",
 "passport-oauth2-client-password": "0.1.2",
 "path-match": "1.2.2",
- "request": "2.57.0",
+ "request": "2.82.0",
 "rss": "1.1.1",
 "semver": "4.3.6",
 "showdown-ghost": "0.3.6",
- "sqlite3": "3.0.8",
+ "sqlite3": "4.0.0",
 "unidecode": "0.1.3",
- "validator": "3.40.0",
- "xml": "1.0.0"
+ "validator": "5.0.0",
+ "xml": "1.0.0",
+ "snyk": "^1.271.0"
 },
 "optionalDependencies": {
 "mysql": "2.1.1",
@@ -94,5 +97,6 @@
 "supertest": "1.0.1",
 "testem": "0.8.3",
 "top-gh-contribs": "2.0.2"
- }
+ },
+ "snyk": true
 }
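Review bot: The `dependencies` hunk moves several packages across major or long version ranges in one step (`lodash` 2.4.1 → 4.17.12, `knex` 0.7.3 → 0.19.5, `validator` 3.40.0 → 5.0.0, `sqlite3` 3.0.8 → 4.0.0) while `engines` in the earlier hunk still declares Node `~0.10.0 || ~0.12.0`, and nothing in the commit shows the test suite was run against the new set. These releases likely changed APIs and minimum Node versions, so the security fix can become a runtime failure; the upgrades are safer split per package with tests, and `engines` updated to match. Separately, `"snyk": "^1.271.0"` is the only caret range among the visible exact pins and sits in runtime `dependencies`; pin it as `"snyk": "1.271.0"` so installs do not silently pick up new CLI releases. Since the path is `test/fixtures/demo-os`, this may be fixture data that tests rely on in its vulnerable state, in which case the upgrade should be declined rather than merged.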