From c40e8e22cf3156f391c247c66c75ff92246af547 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 16:23:31 +0000
Subject: [PATCH] fix:
 workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/package.json
 &
 workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/.snyk
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://snyk.io/vuln/SNYK-JS-AXIOS-6032459
- https://snyk.io/vuln/SNYK-JS-AXIOS-6124857
- https://snyk.io/vuln/SNYK-JS-BL-608877
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
- https://snyk.io/vuln/SNYK-JS-HAWK-6969142
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-IP-6240864
- https://snyk.io/vuln/SNYK-JS-IP-7148531
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
- https://snyk.io/vuln/SNYK-JS-KARMA-2395349
- https://snyk.io/vuln/SNYK-JS-KARMA-2396325
- https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757
- https://snyk.io/vuln/SNYK-JS-MERGE-1040469
- https://snyk.io/vuln/SNYK-JS-MERGE-1042987
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-NETMASK-1089716
- https://snyk.io/vuln/SNYK-JS-NETMASK-6056519
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-6219989
- https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
- https://snyk.io/vuln/SNYK-JS-QUNIT-72879
- https://snyk.io/vuln/SNYK-JS-REDIS-1255645
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-REQUESTRETRY-2411026
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/SNYK-JS-URLPARSE-1078283
- https://snyk.io/vuln/SNYK-JS-URLPARSE-1533425
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770
- https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697
- https://snyk.io/vuln/SNYK-JS-USERAGENT-174737
- https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-WS-7266574
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:mem:20180117
- https://snyk.io/vuln/npm:timespan:20170907
- https://snyk.io/vuln/npm:tunnel-agent:20170305


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20170412
---
 .../node_modules/core-js/.snyk                | 20 +++++++++++++++++
 .../node_modules/core-js/package.json         | 22 ++++++++++++-------
 2 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/.snyk

diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/.snyk b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/.snyk
new file mode 100644
index 0000000000000..e8c2e3f5cd66b
--- /dev/null
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/.snyk
@@ -0,0 +1,20 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:debug:20170905':
+    - promises-aplus-tests > mocha > debug:
+        patched: '2024-10-21T16:23:19.857Z'
+        id: 'npm:debug:20170905'
+        path: promises-aplus-tests > mocha > debug
+  'npm:minimatch:20160620':
+    - promises-aplus-tests > mocha > glob > minimatch:
+        patched: '2024-10-21T16:23:19.857Z'
+        id: 'npm:minimatch:20160620'
+        path: promises-aplus-tests > mocha > glob > minimatch
+  'npm:ms:20170412':
+    - promises-aplus-tests > mocha > debug > ms:
+        patched: '2024-10-21T16:23:19.857Z'
+        id: 'npm:ms:20170412'
+        path: promises-aplus-tests > mocha > debug > ms
diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/package.json b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/package.json
index e5760f4540682..9d7406304bd8e 100644
--- a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/package.json
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/core-js/package.json
@@ -10,17 +10,17 @@
   "devDependencies": {
     "LiveScript": "1.3.x",
     "es-observable-tests": "0.2.x",
-    "eslint": "4.19.x",
+    "eslint": "9.0.0",
     "eslint-plugin-import": "2.12.x",
     "grunt": "^1.0.2",
     "grunt-cli": "^1.2.0",
     "grunt-contrib-clean": "^1.1.0",
     "grunt-contrib-copy": "^1.0.0",
-    "grunt-contrib-uglify": "3.3.x",
+    "grunt-contrib-uglify": "5.2.1",
     "grunt-contrib-watch": "^1.0.0",
-    "grunt-karma": "^2.0.0",
+    "grunt-karma": "^3.0.0",
     "grunt-livescript": "0.6.x",
-    "karma": "^2.0.0",
+    "karma": "^6.4.3",
     "karma-qunit": "^2.1.0",
     "karma-chrome-launcher": "^2.2.0",
     "karma-firefox-launcher": "^1.0.1",
@@ -28,9 +28,9 @@
     "karma-phantomjs-launcher": "1.0.x",
     "phantomjs-prebuilt": "2.1.x",
     "promises-aplus-tests": "^2.1.2",
-    "qunit": "2.6.x",
+    "qunit": "2.9.0",
     "temp": "^0.8.3",
-    "webpack": "^3.11.0"
+    "webpack": "^5.94.0"
   },
   "scripts": {
     "grunt": "grunt",
@@ -38,7 +38,9 @@
     "promises-tests": "promises-aplus-tests tests/promises-aplus/adapter",
     "observables-tests": "node tests/observables/adapter && node tests/observables/adapter-library",
     "test": "npm run grunt clean copy && npm run lint && npm run grunt livescript client karma:default && npm run grunt library karma:library && npm run promises-tests && npm run observables-tests && lsc tests/commonjs",
-    "postinstall": "node scripts/postinstall || echo \"ignore\""
+    "postinstall": "node scripts/postinstall || echo \"ignore\"",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "license": "MIT",
   "keywords": [
@@ -69,5 +71,9 @@
     "Dict",
     "polyfill",
     "shim"
-  ]
+  ],
+  "snyk": true,
+  "dependencies": {
+    "@snyk/protect": "latest"
+  }
 }