From 5ddf8dc8f806de7620b18da5cc10f088a680ae4a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 19 Aug 2022 18:10:07 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-GRUNT-2635969
- https://snyk.io/vuln/SNYK-JS-GRUNT-2813632
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-NANOID-2332193
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
.snyk | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
package.json | 20 +++++++++++--------
2 files changed, 66 insertions(+), 8 deletions(-)
create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000000..d22a7ca24ac9
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,54 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - eslint > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-compress > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-watch > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - mock-knex > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-clean > async > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-watch > async > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-subgrunt > async > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - eslint > @eslint/eslintrc > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - eslint > table > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - rewire > eslint > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt > grunt-legacy-log > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-compress > archiver > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-compress > archiver > async > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - rewire > eslint > table > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - rewire > eslint > inquirer > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - eslint-plugin-ghost > eslint-plugin-sort-imports-es6-autofix > eslint > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt > grunt-legacy-log > grunt-legacy-log-utils > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-compress > archiver > archiver-utils > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-compress > archiver > zip-stream > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-watch > gaze > globule > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-mocha-cli > mocha > yargs-unparser > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - eslint-plugin-ghost > eslint-plugin-sort-imports-es6-autofix > eslint > table > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - eslint-plugin-ghost > eslint-plugin-sort-imports-es6-autofix > eslint > inquirer > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
+ - grunt-contrib-compress > archiver > zip-stream > archiver-utils > lodash:
+ patched: '2022-08-19T18:10:04.162Z'
diff --git a/package.json b/package.json
index fab14d3f9d09..cd0550ec3860 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,9 @@
 "lint:test": "eslint -c test/.eslintrc.json --ignore-path test/.eslintignore 'test/**/*.js'",
 "lint": "yarn lint:server && yarn lint:shared && yarn lint:frontend && yarn lint:test",
 "posttest": "yarn lint",
- "fixmodulenotdefined": "yarn cache clean && cd core/client && rm -rf node_modules tmp dist && yarn && cd ../../"
+ "fixmodulenotdefined": "yarn cache clean && cd core/client && rm -rf node_modules tmp dist && yarn && cd ../../",
+ "prepare": "yarn run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "engines": {
 "node": "^10.13.0 || ^12.10.0 || ^14.14.0",
@@ -66,7 +68,7 @@
 "@tryghost/social-urls": "0.1.14",
 "@tryghost/string": "0.1.13",
 "@tryghost/url-utils": "0.6.22",
- "@tryghost/vhost-middleware": "1.0.9",
+ "@tryghost/vhost-middleware": "1.0.10",
 "@tryghost/zip": "1.1.4",
 "ajv": "6.12.6",
 "amperize": "0.6.1",
@@ -135,7 +137,8 @@
 "tough-cookie": "4.0.0",
 "uuid": "8.3.1",
 "validator": "6.3.0",
- "xml": "1.0.1"
+ "xml": "1.0.1",
+ "@snyk/protect": "latest"
 },
 "optionalDependencies": {
 "@tryghost/html-to-mobiledoc": "0.7.5",
@@ -144,10 +147,10 @@
 "devDependencies": {
 "@lodder/grunt-postcss": "3.0.0",
 "coffeescript": "2.5.1",
- "cssnano": "4.1.10",
+ "cssnano": "5.0.0",
 "eslint": "7.11.0",
 "eslint-plugin-ghost": "2.0.0",
- "grunt": "1.3.0",
+ "grunt": "1.5.3",
 "grunt-bg-shell": "2.3.3",
 "grunt-contrib-clean": "2.0.0",
 "grunt-contrib-compress": "1.6.0",
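Review bot: The new `"prepare": "yarn run snyk-protect"` script makes the patch step run on every install — every developer checkout and every CI job — yet every lodash path listed in the new `.snyk` file begins at a package this diff shows under devDependencies (eslint, grunt, grunt-contrib-compress, mock-knex) or at build/test tooling not visible here (rewire, grunt-contrib-watch, grunt-subgrunt, grunt-mocha-cli), so a production install gains nothing from the hook but still executes it. The code that runs at that moment is whatever `@snyk/protect` resolves to, and the `@@ -135` hunk declares it as `"latest"`, so the install-time behaviour is no longer fixed by the manifest. If the hook is kept, pin the package and keep it in `devDependencies`; otherwise consider raising the lodash floor through `resolutions`, which this manifest already uses for moment, and dropping the hook entirely. The `scripts` object continues outside the hunk.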
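Review bot: `"@snyk/protect": "latest"` is the only floating version spec in this manifest — every neighbouring entry in the hunk is an exact version — and because the `prepare` script added at `@@ -33` executes this package at install time, a dist-tag instead of a version means what runs on install is decided by the registry at that moment rather than by this file and the lockfile. Pin it to an exact version, e.g. `"@snyk/protect": "<pinned version>"` (placeholder; use the version the lockfile currently resolves), and let the normal dependency-bump process move it. It is also appended after `"xml"` rather than in the sorted position the block otherwise keeps, and it sits under `dependencies` although the patches it applies only touch devDependency paths; `devDependencies` would keep it out of production installs. The `dependencies` object continues outside the hunk.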
@@ -160,8 +163,8 @@
 "grunt-shell": "3.0.1",
 "grunt-subgrunt": "1.3.0",
 "grunt-update-submodules": "0.4.1",
- "jwks-rsa": "1.10.1",
- "mocha": "8.2.0",
+ "jwks-rsa": "1.12.1",
+ "mocha": "9.2.0",
 "mock-knex": "0.4.9",
 "nock": "13.0.4",
 "papaparse": "5.3.0",
@@ -175,5 +178,6 @@
 "resolutions": {
 "moment": "2.24.0",
 "moment-timezone": "0.5.23"
- }
+ },
+ "snyk": true
 }