From c24e7fe483c3c842809839c7297274afd0de88d3 Mon Sep 17 00:00:00 2001 
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:48:58 +0000 Subject: [PATCH] fix: workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/package.json & workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-IP-7148531 - https://snyk.io/vuln/SNYK-JS-KARMA-2395349 - https://snyk.io/vuln/SNYK-JS-KARMA-2396325 - https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012 - https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-USERAGENT-174737 - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298 - https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/npm:braces:20180219 The following vulnerabilities 
are fixed with a Snyk patch: - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:request:20160119
---
 .../node_modules/diff/.snyk | 19 +++++++++++ .../node_modules/diff/package.json | 32 +++++++++++-------- 2 files changed, 38 insertions(+), 13 deletions(-) create mode 100644 workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/.snyk
diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/.snyk b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/.snyk
new file mode 100644
index 0000000000000..cd23e99a610e1
--- /dev/null
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/.snyk
@@ -0,0 +1,19 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:minimatch:20160620':
+ - grunt-clean > grunt > glob-whatev > minimatch:
+ patched: '2024-10-24T14:48:52.751Z'
+ id: 'npm:minimatch:20160620'
+ path: grunt-clean > grunt > glob-whatev > minimatch
+ - istanbul > fileset > minimatch:
+ patched: '2024-10-24T14:48:52.751Z'
+ id: 'npm:minimatch:20160620'
+ path: istanbul > fileset > minimatch
+ 'npm:request:20160119':
+ - grunt-clean > grunt > prompt > winston > loggly > request:
+ patched: '2024-10-24T14:48:52.751Z'
+ id: 'npm:request:20160119'
+ path: grunt-clean > grunt > prompt > winston > loggly > request
diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/package.json b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/package.json
index 67342b76afb63..54838c14fcbf8 100644
--- a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/package.json
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/diff/package.json
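Review bot: The policy file is being added under `test/fixtures/tap-with-yarn-lock/node_modules/diff/`, which by its path appears to be a checked-in copy of a third-party package used as test input, not a package this repository installs or publishes. Every `patch:` entry points at a devDependency chain of that copy (`grunt-clean > grunt > glob-whatev > minimatch`, `istanbul > fileset > minimatch`, `grunt-clean > grunt > prompt > winston > loggly > request`) and carries a `patched:` timestamp, yet the diffstat lists only this file and `package.json`, so the policy records a patch state that the commit itself does not show. If that reading is right, the finding is better handled by excluding the fixtures directory from the scan than by editing the fixture. If the file stays, a leading comment such as `# fixture only: these patches are never applied here` would keep a reader from taking the `patched:` dates as evidence of remediation.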
@@ -27,7 +27,9 @@
 "scripts": {
 "clean": "rm -rf lib/ dist/",
 "build:node": "yarn babel --out-dir lib --source-maps=inline src",
- "test": "grunt"
+ "test": "grunt",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "devDependencies": {
 "@babel/cli": "^7.2.3",
@@ -39,35 +41,39 @@
 "babel-loader": "^8.0.5",
 "chai": "^4.2.0",
 "colors": "^1.3.3",
- "eslint": "^5.12.0",
+ "eslint": "^9.0.0",
 "grunt": "^1.0.3",
 "grunt-babel": "^8.0.0",
 "grunt-clean": "^0.4.0",
 "grunt-cli": "^1.3.2",
 "grunt-contrib-clean": "^2.0.0",
 "grunt-contrib-copy": "^1.0.0",
- "grunt-contrib-uglify": "^4.0.0",
+ "grunt-contrib-uglify": "^5.2.1",
 "grunt-contrib-watch": "^1.1.0",
- "grunt-eslint": "^21.0.0",
+ "grunt-eslint": "^25.0.0",
 "grunt-exec": "^3.0.0",
 "grunt-karma": "^3.0.1",
 "grunt-mocha-istanbul": "^5.0.2",
 "grunt-mocha-test": "^0.13.3",
 "grunt-webpack": "^3.1.3",
 "istanbul": "github:kpdecker/istanbul",
- "karma": "^3.1.4",
+ "karma": "^6.4.3",
 "karma-chrome-launcher": "^2.2.0",
- "karma-mocha": "^1.3.0",
+ "karma-mocha": "^2.0.0",
 "karma-mocha-reporter": "^2.0.0",
- "karma-sauce-launcher": "^2.0.2",
+ "karma-sauce-launcher": "^4.1.5",
 "karma-sourcemap-loader": "^0.3.6",
- "karma-webpack": "^3.0.5",
- "mocha": "^5.2.0",
- "rollup": "^1.0.2",
+ "karma-webpack": "^5.0.0",
+ "mocha": "^10.1.0",
+ "rollup": "^3.29.5",
 "rollup-plugin-babel": "^4.2.0",
 "semver": "^5.6.0",
- "webpack": "^4.28.3",
- "webpack-dev-server": "^3.1.14"
+ "webpack": "^5.94.0",
+ "webpack-dev-server": "^4.15.2"
 },
- "optionalDependencies": {}
+ "optionalDependencies": {},
+ "snyk": true,
+ "dependencies": {
+ "@snyk/protect": "latest"
+ }
 }
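Review bot: The added `"prepublish"` hook uses the deprecated lifecycle name, which npm runs on a plain local `npm install` and on `npm ci` rather than on publish, so `snyk-protect` would execute on every install of this package even though the name suggests a publish-time step. The binary it calls comes from the `"@snyk/protect": "latest"` entry added in the second hunk, so the code that runs is whatever version is newest at install time. If the hook is wanted at all, the current name is `"prepare": "npm run snyk-protect"`, paired with a pinned tool version. The manifest continues above and below this hunk, so other lifecycle scripts may exist that are not visible here.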
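Review bot: `"@snyk/protect": "latest"` under `dependencies` makes a scanner helper a runtime dependency resolved from a floating tag; because a lifecycle script invokes it, an exact version under `devDependencies` (for example `"@snyk/protect": "<pinned-version>"`, placeholder) is the safer form. The same hunk raises several devDependency ranges across major versions (`eslint` ^5 to ^9, `karma` ^3 to ^6, `mocha` ^5 to ^10, `webpack` ^4 to ^5) while the diffstat shows no lockfile or installed-tree change. Given the fixture name `tap-with-yarn-lock`, the manifest presumably has to agree with a lock file the tests read, so this should be checked against the arborist tests before merging. `grunt-clean`, the root of two of the three patched paths in the new `.snyk`, stays at `^0.4.0`, so those findings are not addressed by any upgrade in this hunk.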