From 7ce57f9640144d25c18eeb2522782add87c195b0 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 26 Mar 2022 00:09:22 +0000
Subject: [PATCH] fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 10 +++
 package-lock.json | 11 +++-
 package.json | 152 ++++++++++++++++++++++++----------------------
 3 files changed, 96 insertions(+), 77 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 00000000000..f0e4375a713
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - cytoscape-dagre > dagre > lodash:
+ patched: '2022-03-26T00:09:05.521Z'
+ - cytoscape-dagre > dagre > graphlib > lodash:
+ patched: '2022-03-26T00:09:05.521Z'
diff --git a/package-lock.json b/package-lock.json
index e5435a61957..849278fbd70 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -93,6 +93,11 @@
 "fastq": "^1.6.0"
 }
 },
+ "@snyk/protect": {
+ "version": "1.883.0",
+ "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.883.0.tgz",
+ "integrity": "sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw=="
+ },
 "@tokenizer/token": {
 "version": "0.1.1",
 "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.1.1.tgz",
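Review bot: The two entries under `patch:` in the new .snyk look redundant with the lodash upgrade made in this same commit, which the commit message lists as a fix for the same advisory, SNYK-JS-LODASH-567746. The package-lock.json hunks shown here touch a single `lodash` entry, so it is not visible whether `cytoscape-dagre > dagre` and `graphlib` resolve to that hoisted 4.17.20 copy or to nested older ones; `npm ls lodash` would settle it. If every path resolves to 4.17.20, this file can be dropped together with the `@snyk/protect` dependency and `prepare` hook added in package.json, rather than carrying a step that modifies node_modules on each install.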
@@ -3985,9 +3990,9 @@
 }
 },
 "lodash": {
- "version": "4.17.19",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
- "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="
+ "version": "4.17.20",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+ "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
 },
 "lodash.debounce": {
 "version": "4.0.8",
diff --git a/package.json b/package.json
index 47b0fbaff13..a84dc5ef16a 100644
--- a/package.json
+++ b/package.json
@@ -1,76 +1,80 @@
 {
- "name": "@glpi/glpi",
- "version": "",
- "private": true,
- "description": "GLPI dependencies",
- "license": "GPL-2.0",
- "dependencies": {
- "@fortawesome/fontawesome-free": "^5.12.1",
- "@fullcalendar/core": "^4.4.0",
- "@fullcalendar/daygrid": "^4.4.0",
- "@fullcalendar/interaction": "^4.4.0",
- "@fullcalendar/list": "^4.4.0",
- "@fullcalendar/rrule": "^4.4.0",
- "@fullcalendar/timegrid": "^4.4.0",
- "chartist": "^0.11.4",
- "chartist-plugin-legend": "^0.6.2",
- "chartist-plugin-pointlabels": "^0.0.6",
- "chartist-plugin-tooltips-updated": "^0.1.2",
- "codemirror": "^5.51.0",
- "cytoscape": "^3.13.0",
- "cytoscape-canvas": "^3.0.1",
- "cytoscape-context-menus": "^4.0.0",
- "cytoscape-dagre": "^2.2.1",
- "cytoscape-grid-guide": "^2.3.0",
- "diff-match-patch": "^1.0.4",
- "file-type": "^14.1.3",
- "fittext.js": "^1.2.0",
- "flatpickr": "^4.6.3",
- "fuzzy": "^0.1.3",
- "gettext.js": "^1.0.0",
- "gridstack": "^0.6.0",
- "html5sortable": "^0.9.18",
- "jquery": "^3.4.1",
- "jquery-migrate": "^3.1.0",
- "jquery-mousewheel": "^3.1.13",
- "jquery-prettytextdiff": "^1.0.4",
- "jquery-ui": "^1.11.4",
- "jquery-ui-dist": "^1.11.4",
- "jquery.autogrow-textarea": "^0.4.1",
- "jquery.rateit": "^1.1.3",
- "jstree": "^3.3.8",
- "leaflet": "^1.6.0",
- "leaflet-fullscreen": "^1.0.2",
- "leaflet-spin": "^1.1.0",
- "leaflet.awesome-markers": "^2.0.5",
- "leaflet.markercluster": "^1.4.1",
- "lodash": "^4.17.19",
- "photoswipe": "^4.1.3",
- "prismjs": "^1.21.0",
- "qtip2": "^3.0.3",
- "rrule": "^2.6.3",
- "select2": "^4.0.13",
- "spin.js": "^4.1.0",
- "tinymce": "^4.9.8",
- "tinymce-i18n": "^20.4.4",
- "unorm": "^1.6.0"
- },
- "scripts": {
- "build": "webpack --config webpack.config.js"
- },
- "devDependencies": {
- "acorn": "^7.0.0",
- "clean-webpack-plugin": "^3.0.0",
- "copy-webpack-plugin": "^6.0.1",
- "css-loader": "^3.4.2",
- "eslint": "^7.1.0",
- "file-loader": "^6.0.0",
- "glob": "^7.1.6",
- "mini-css-extract-plugin": "^0.9.0",
- "script-loader": "^0.7.2",
- "strip-sourcemap-loader": "^0.0.1",
- "terser": "^4.7.0",
- "webpack": "^4.41.2",
- "webpack-cli": "^3.3.10"
- }
+ "name": "@glpi/glpi",
+ "version": "",
+ "private": true,
+ "description": "GLPI dependencies",
+ "license": "GPL-2.0",
+ "dependencies": {
+ "@fortawesome/fontawesome-free": "^5.12.1",
+ "@fullcalendar/core": "^4.4.0",
+ "@fullcalendar/daygrid": "^4.4.0",
+ "@fullcalendar/interaction": "^4.4.0",
+ "@fullcalendar/list": "^4.4.0",
+ "@fullcalendar/rrule": "^4.4.0",
+ "@fullcalendar/timegrid": "^4.4.0",
+ "chartist": "^0.11.4",
+ "chartist-plugin-legend": "^0.6.2",
+ "chartist-plugin-pointlabels": "^0.0.6",
+ "chartist-plugin-tooltips-updated": "^0.1.2",
+ "codemirror": "^5.51.0",
+ "cytoscape": "^3.13.0",
+ "cytoscape-canvas": "^3.0.1",
+ "cytoscape-context-menus": "^4.0.0",
+ "cytoscape-dagre": "^2.2.1",
+ "cytoscape-grid-guide": "^2.3.0",
+ "diff-match-patch": "^1.0.4",
+ "file-type": "^14.1.3",
+ "fittext.js": "^1.2.0",
+ "flatpickr": "^4.6.3",
+ "fuzzy": "^0.1.3",
+ "gettext.js": "^1.0.0",
+ "gridstack": "^0.6.0",
+ "html5sortable": "^0.9.18",
+ "jquery": "^3.4.1",
+ "jquery-migrate": "^3.1.0",
+ "jquery-mousewheel": "^3.1.13",
+ "jquery-prettytextdiff": "^1.0.4",
+ "jquery-ui": "^1.11.4",
+ "jquery-ui-dist": "^1.11.4",
+ "jquery.autogrow-textarea": "^0.4.1",
+ "jquery.rateit": "^1.1.3",
+ "jstree": "^3.3.8",
+ "leaflet": "^1.6.0",
+ "leaflet-fullscreen": "^1.0.2",
+ "leaflet-spin": "^1.1.0",
+ "leaflet.awesome-markers": "^2.0.5",
+ "leaflet.markercluster": "^1.4.1",
+ "lodash": "^4.17.20",
+ "photoswipe": "^4.1.3",
+ "prismjs": "^1.21.0",
+ "qtip2": "^3.0.3",
+ "rrule": "^2.6.3",
+ "select2": "^4.0.13",
+ "spin.js": "^4.1.0",
+ "tinymce": "^4.9.8",
+ "tinymce-i18n": "^20.4.4",
+ "unorm": "^1.6.0",
+ "@snyk/protect": "latest"
+ },
+ "scripts": {
+ "build": "webpack --config webpack.config.js",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "devDependencies": {
+ "acorn": "^7.0.0",
+ "clean-webpack-plugin": "^3.0.0",
+ "copy-webpack-plugin": "^6.0.1",
+ "css-loader": "^3.4.2",
+ "eslint": "^7.1.0",
+ "file-loader": "^6.0.0",
+ "glob": "^7.1.6",
+ "mini-css-extract-plugin": "^0.9.0",
+ "script-loader": "^0.7.2",
+ "strip-sourcemap-loader": "^0.0.1",
+ "terser": "^4.7.0",
+ "webpack": "^4.41.2",
+ "webpack-cli": "^3.3.10"
+ },
+ "snyk": true
 }
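Review bot: `"@snyk/protect": "latest"` in `dependencies` is an unpinned dist-tag for a package that the new `prepare` script runs as part of installation, so any lockfile regeneration can pull in a newer release and execute it without a reviewed manifest change. package-lock.json in this commit resolves it to 1.883.0; declaring a matching range such as `"@snyk/protect": "^1.883.0"` keeps the manifest and lockfile in agreement and makes upgrades explicit. Separately, the hunk removes and re-adds all 74 inner lines although only the lodash range, the `@snyk/protect` entry, the two scripts and the `"snyk": true` flag differ in content, which suggests an indentation or line-ending rewrite. Keeping the file's original formatting would reduce the diff to those entries and make the install-time behaviour change easy to spot in review.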