From bcac6f7e78067cb6162b4dee485d35bd75967768 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 31 Aug 2023 17:15:59 +0000
Subject: [PATCH] fix: package.json, yarn.lock & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FSEVENTS-5487987
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:stringstream:20180511
- https://snyk.io/vuln/npm:tough-cookie:20170905
---
 .snyk | 42 ++++++++++++++++++++++++++++++++++++++++++
 package.json | 11 +++++++----
 yarn.lock | 5 +++++
 3 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 .snyk
diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000000..87a9e0bdb701
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,42 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - fsevents > node-pre-gyp > tar-pack > debug:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:debug:20170905'
+ path: fsevents > node-pre-gyp > tar-pack > debug
+ 'npm:extend:20180424':
+ - fsevents > node-pre-gyp > request > extend:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:extend:20180424'
+ path: fsevents > node-pre-gyp > request > extend
+ 'npm:hoek:20180212':
+ - fsevents > node-pre-gyp > request > hawk > hoek:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:hoek:20180212'
+ path: fsevents > node-pre-gyp > request > hawk > hoek
+ - fsevents > node-pre-gyp > request > hawk > boom > hoek:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:hoek:20180212'
+ path: fsevents > node-pre-gyp > request > hawk > boom > hoek
+ - fsevents > node-pre-gyp > request > hawk > sntp > hoek:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:hoek:20180212'
+ path: fsevents > node-pre-gyp > request > hawk > sntp > hoek
+ - fsevents > node-pre-gyp > request > hawk > cryptiles > boom > hoek:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:hoek:20180212'
+ path: fsevents > node-pre-gyp > request > hawk > cryptiles > boom > hoek
+ 'npm:stringstream:20180511':
+ - fsevents > node-pre-gyp > request > stringstream:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:stringstream:20180511'
+ path: fsevents > node-pre-gyp > request > stringstream
+ 'npm:tough-cookie:20170905':
+ - fsevents > node-pre-gyp > request > tough-cookie:
+ patched: '2023-08-31T17:15:16.007Z'
+ id: 'npm:tough-cookie:20170905'
+ path: fsevents > node-pre-gyp > request > tough-cookie
diff --git a/package.json b/package.json
index 4ce2c3b19719..e3ade53ba6e6 100644
--- a/package.json
+++ b/package.json
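Review bot: Nothing in the new `.snyk` policy says how its `patch:` entries get applied, and the `patched:` timestamps can read as if the installed code were already fixed. As far as this patch shows, the entries only take effect when the `snyk-protect` script added to package.json runs, so an install with lifecycle scripts disabled would leave the listed packages unpatched. I would add a comment under the header, e.g. `# applied at install time by the "prepare" script (snyk-protect); skipped when install scripts are disabled`. Every path here also runs through `fsevents > node-pre-gyp` while package.json keeps `"fsevents": "1.1.2"`, so the fsevents and tar advisories that the description lists as fixed by an upgrade do not appear to be addressed in the visible hunks.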
@@ -1,6 +1,5 @@
 {
 "name": "angular-srcs",
- "version": "TODO this should be 6.0.0-beta.0, workaround",
 "version": "6.0.0-beta.1",
 "private": true,
 "branchPattern": "2.0.*",
@@ -24,14 +23,17 @@
 "preinstall": "node tools/yarn/check-yarn.js",
 "postinstall": "yarn update-webdriver",
 "update-webdriver": "webdriver-manager update --gecko false $CHROMEDRIVER_VERSION_ARG",
- "check-env": "gulp check-env"
+ "check-env": "gulp check-env",
+ "prepare": "yarn run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "dependencies": {
 "core-js": "^2.4.1",
 "reflect-metadata": "^0.1.3",
 "rxjs": "5.5.5",
 "tslib": "^1.7.1",
- "zone.js": "^0.8.12"
+ "zone.js": "^0.8.12",
+ "@snyk/protect": "latest"
 },
 "optionalDependencies": {
 "fsevents": "1.1.2"
@@ -112,5 +114,6 @@
 "webpack": "1.12.9",
 "xhr2": "0.1.4",
 "yargs": "9.0.1"
- }
+ },
+ "snyk": true
 }
diff --git a/yarn.lock b/yarn.lock
index 716af993c41b..084f3e13b963 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -77,6 +77,11 @@
 string-format-obj "^1.0.0"
 through2 "^2.0.0"

+"@snyk/protect@^1.1209.0":
+ version "1.1209.0"
+ resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.1209.0.tgz#9e938362cf684576ead289916274cf8bd5f4e0ce"
+ integrity sha512-E370Imyh7tnkgaYJdjL+Skb7thgcPcSiIISbUhA6/ZtjKGzGLveLXGAjID9nQlizoO+P+D3UfssnE16GJZjWPw==
+
 "@types/angularjs@1.5.14-alpha":
 version "1.5.14-alpha"
 resolved "https://registry.yarnpkg.com/@types/angularjs/-/angularjs-1.5.14-alpha.tgz#2add80c88e1d84ade07e042918843093b6ac9808"
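Review bot: `"@snyk/protect": "latest"` in the second package.json hunk is an unpinned dist-tag for a tool that the new `prepare` script runs on install, so whatever version the registry serves under that tag executes in the install step. The yarn.lock entry added in this patch is keyed `@snyk/protect@^1.1209.0`, which does not match the `latest` specifier, so yarn will likely treat the lockfile as stale and re-resolve instead of using the locked integrity hash. Pin the version and regenerate the lockfile so the two agree, e.g. `"@snyk/protect": "1.1209.0"`. Since this is an install-time tool in a `"private": true` workspace, `devDependencies` looks like the better home for it, though that section is not identifiable from the hunks shown.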