From 4b91b16598ec72e2edc649eafc26c5359aa186af Mon Sep 17 00:00:00 2001 
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 18:39:52 +0000 Subject: [PATCH] fix: workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/package.json & workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336 - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-JSON5-3182856 - https://snyk.io/vuln/SNYK-JS-KARMA-2395349 - https://snyk.io/vuln/SNYK-JS-KARMA-2396325 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-REQUEST-3361831 - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012 - https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - 
https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660 - https://snyk.io/vuln/SNYK-JS-USERAGENT-174737 - https://snyk.io/vuln/SNYK-JS-WEBPACK-7840298 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:https-proxy-agent:20180402 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:parsejson:20170908 - https://snyk.io/vuln/npm:ws:20160624 - https://snyk.io/vuln/npm:ws:20160920 - https://snyk.io/vuln/npm:ws:20171108 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305
---
 .../node_modules/esprima/.snyk | 30 +++++++++++++++++++
 .../node_modules/esprima/package.json | 27 ++++++++++-------
 2 files changed, 46 insertions(+), 11 deletions(-)
 create mode 100644 workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/.snyk
diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/.snyk b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/.snyk
new file mode 100644
index 0000000000000..aa86a8a2b311b
--- /dev/null
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/.snyk
@@ -0,0 +1,30 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:hawk:20160119':
+ - codecov.io > request > hawk:
+ patched: '2024-10-22T18:39:44.449Z'
+ id: 'npm:hawk:20160119'
+ path: codecov.io > request > hawk
+ 'npm:http-signature:20150122':
+ - codecov.io > request > http-signature:
+ patched: '2024-10-22T18:39:44.449Z'
+ id: 'npm:http-signature:20150122'
+ path: codecov.io > request > http-signature
+ 'npm:mime:20170907':
+ - codecov.io > request > form-data > mime:
+ patched: '2024-10-22T18:39:44.449Z'
+ id: 'npm:mime:20170907'
+ path: codecov.io > request > form-data > mime
+ 'npm:request:20160119':
+ - codecov.io > request:
+ patched: '2024-10-22T18:39:44.449Z'
+ id: 'npm:request:20160119'
+ path: codecov.io > request
+ 'npm:tunnel-agent:20170305':
+ - codecov.io > request > tunnel-agent:
+ patched: '2024-10-22T18:39:44.449Z'
+ id: 'npm:tunnel-agent:20170305'
+ path: codecov.io > request > tunnel-agent
diff --git a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/package.json b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/package.json
index 4148b8ce4f4fa..3aa121ff0bcc0 100644
--- a/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/package.json
+++ b/workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/esprima/package.json
@@ -38,29 +38,29 @@
 "codecov.io": "~0.1.6",
 "escomplex-js": "1.2.0",
 "everything.js": "~1.0.3",
- "glob": "~7.1.0",
+ "glob": "~9.0.0",
 "istanbul": "~0.4.0",
 "json-diff": "~0.3.1",
- "karma": "~1.3.0",
+ "karma": "~6.4.3",
 "karma-chrome-launcher": "~2.0.0",
 "karma-detect-browsers": "~2.2.3",
 "karma-edge-launcher": "~0.2.0",
 "karma-firefox-launcher": "~1.0.0",
 "karma-ie-launcher": "~1.0.0",
- "karma-mocha": "~1.3.0",
+ "karma-mocha": "~2.0.0",
 "karma-safari-launcher": "~1.0.0",
- "karma-safaritechpreview-launcher": "~0.0.4",
- "karma-sauce-launcher": "~1.1.0",
- "lodash": "~3.10.1",
- "mocha": "~3.2.0",
+ "karma-safaritechpreview-launcher": "~2.0.0",
+ "karma-sauce-launcher": "~4.1.5",
+ "lodash": "~4.17.21",
+ "mocha": "~10.1.0",
 "node-tick-processor": "~0.0.2",
 "regenerate": "~1.3.2",
 "temp": "~0.8.3",
- "tslint": "~5.1.0",
+ "tslint": "~5.16.0",
 "typescript": "~2.3.2",
 "typescript-formatter": "~5.1.3",
 "unicode-8.0.0": "~0.7.0",
- "webpack": "~1.14.0"
+ "webpack": "~5.94.0"
 },
 "keywords": [
 "ast",
@@ -95,7 +95,7 @@
 "dynamic-analysis": "npm run analyze-coverage && npm run check-coverage",
 "compile": "tsc -p src/ && webpack && node tools/fixupbundle.js",
 "test": "npm run compile && npm run all-tests && npm run static-analysis && npm run dynamic-analysis",
- "prepublish": "npm run compile",
+ "prepublish": "npm run snyk-protect && npm run compile",
 "profile": "node --prof test/profile.js && mv isolate*.log v8.log && node-tick-processor",
 "benchmark-parser": "node -expose_gc test/benchmark-parser.js",
 "benchmark-tokenizer": "node --expose_gc test/benchmark-tokenizer.js",
@@ -107,6 +107,11 @@
 "appveyor": "npm run compile && npm run all-tests && npm run browser-tests",
 "droneio": "npm run compile && npm run all-tests && npm run saucelabs",
 "generate-regex": "node tools/generate-identifier-regex.js",
- "generate-xhtml-entities": "node tools/generate-xhtml-entities.js"
+ "generate-xhtml-entities": "node tools/generate-xhtml-entities.js",
+ "snyk-protect": "snyk-protect"
+ },
+ "snyk": true,
+ "dependencies": {
+ "@snyk/protect": "latest"
 }
 }
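Review bot: `"@snyk/protect": "latest"` is added under `dependencies` as a floating tag, so each install resolves whatever version is published at that moment, and the `prepublish` script changed in the previous hunk (`npm run snyk-protect && npm run compile`) executes that code. Pin it to an exact, reviewed version and, since only a build script uses it, declare it under `devDependencies` instead, e.g. `"@snyk/protect": "<PINNED_VERSION>"`. Separately, the path shows this package.json is a checked-in fixture under `test/fixtures/tap-with-yarn-lock/node_modules/esprima`, so these edits presumably do not change what the project ships and may leave the fixture out of step with the lockfile its directory name refers to; confirm the tests that read this fixture still pass, or drop the change. The enclosing `scripts` object starts outside the hunk.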