From a6b114b2fe904d461a864f2b15ac3e56029eaf0b Mon Sep 17 00:00:00 2001
From: snyk-test <snyk-test@snyk.io>
Date: Wed, 3 Jul 2019 21:34:25 +0000
Subject: [PATCH] fix: .snyk & package.json to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
---
 .snyk        |  14 ++++
 package.json | 199 +++++++++++++++++++++++++++------------------------
 2 files changed, 119 insertions(+), 94 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..99d11b7
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,14 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.13.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-450202:
+    - moonlet-core > babel-plugin-transform-builtin-extend > babel-template > lodash:
+        patched: '2019-07-03T21:34:22.523Z'
+    - moonlet-core > babel-plugin-transform-builtin-extend > babel-template > babel-types > lodash:
+        patched: '2019-07-03T21:34:22.523Z'
+    - moonlet-core > babel-plugin-transform-builtin-extend > babel-template > babel-traverse > lodash:
+        patched: '2019-07-03T21:34:22.523Z'
+    - moonlet-core > babel-plugin-transform-builtin-extend > babel-template > babel-traverse > babel-types > lodash:
+        patched: '2019-07-03T21:34:22.523Z'
diff --git a/package.json b/package.json
index 52db15f..405749a 100644
--- a/package.json
+++ b/package.json
@@ -1,97 +1,108 @@
 {
-    "private": true,
-    "name": "moonlet",
-    "version": "0.31.0",
-    "license": "MIT",
-    "scripts": {
-        "start": "npm run dev:web",
-        "build": "node scripts/update-extension-version.js && npm run build:ext -- --dest build/extension",
-        "deploy": "npm run build && npx firebase deploy --token $FIREBASE_TOKEN",
-        "publish:ext": "node scripts/publish-extension.js",
-        "build:web": "preact build --config ./config/web.config.js --template src/platforms/web/index.html --no-prerender",
-        "build:ext": "preact build --config ./config/extension.config.js --template src/platforms/extension/index.html --no-prerender",
-        "dev:web": "preact watch --https --config ./config/web.config.js --template src/platforms/web/index.html ",
-        "dev:ext": "rm -rf build && preact watch --config ./config/extension.config.js --template src/platforms/extension/index.html --port 8181",
-        "zip:ext": "node scripts/create-build-zip.js",
-        "lint": "tslint --fix 'src/**/*.{ts,tsx}'",
-        "prettier": "prettier --write \"**/*.{js,ts,tsx,scss,json}\" --ignore-path .gitignore",
-        "test": "jest",
-        "snyk": "snyk test",
-        "sentry:deploy": "VERSION=`node -e \"console.log(require('./package.json').version)\"` && sentry-cli releases -o cryptoland -p moonlet-wallet set-commits $VERSION --auto && sentry-cli releases -o cryptoland -p moonlet-wallet files $VERSION upload-sourcemaps build/extension",
-        "release": "npm version minor -m 'bump version' && git push && git push --tags"
-    },
-    "eslintConfig": {
-        "extends": "eslint-config-synacor"
-    },
-    "eslintIgnore": ["build/*"],
-    "devDependencies": {
-        "@sentry/cli": "^1.41.2",
-        "@types/chrome": "0.0.77",
-        "@types/crypto-js": "^3.1.43",
-        "@types/jest": "^23.3.2",
-        "babel-plugin-transform-builtin-extend": "^1.1.2",
-        "chrome-webstore-upload": "^0.2.2",
-        "eslint": "^5.12.1",
-        "eslint-config-synacor": "^3.0.3",
-        "firebase-tools": "^6.3.0",
-        "husky": "^1.0.0-rc.13",
-        "identity-obj-proxy": "^3.0.0",
-        "if-env": "^1.0.0",
-        "jest": "^23.6.0",
-        "lint-staged": "^8.1.0",
-        "node-sass": "^4.9.2",
-        "preact-cli": "^2.0.0",
-        "preact-cli-plugin-typescript": "^0.2.2",
-        "prettier": "1.16.1",
-        "sass-loader": "^7.1.0",
-        "snyk": "^1.122.3",
-        "ts-jest": "^23.1.4",
-        "tslint": "^5.11.0",
-        "tslint-config-prettier": "^1.15.0",
-        "tslint-microsoft-contrib": "^6.0.0",
-        "typescript": "^3.2.1",
-        "web-ext-types": "^3.1.0",
-        "webpack-bundle-analyzer": "^3.3.2",
-        "write-file-webpack-plugin": "^4.3.2",
-        "zip-folder": "^1.0.0"
-    },
-    "dependencies": {
-        "@ledgerhq/hw-app-eth": "^4.38.6",
-        "@ledgerhq/hw-transport-u2f": "^4.38.6",
-        "@ledgerhq/hw-transport-webusb": "^4.55.0",
-        "@sentry/browser": "^5.4.3",
-        "@zilliqa-js/crypto": "^0.6.3",
-        "@zilliqa-js/util": "^0.6.3",
-        "babel-polyfill": "^6.26.0",
-        "bignumber.js": "8.0.2",
-        "bind-decorator": "^1.0.11",
-        "crypto-js": "3.1.9-1",
-        "dapp-wallet-util": "https://github.com/cryptolandtech/dapp-wallet-util.git",
-        "history": "4.7.2",
-        "moonlet-core": "git+https://github.com/cryptolandtech/moonlet-core.git",
-        "preact": "8.4.2",
-        "preact-async-route": "2.2.1",
-        "preact-compat": "3.18.4",
-        "preact-material-components": "1.5.5",
-        "preact-redux": "2.0.2",
-        "preact-render-spy": "^1.3.0",
-        "preact-router": "2.6.1",
-        "qrcode.react": "0.9.2",
-        "react-copy-to-clipboard": "^5.0.1",
-        "react-textarea-autosize": "7.1.0",
-        "redux": "4.0.1",
-        "redux-thunk": "2.3.0",
-        "uuid": "^3.3.2",
-        "webextension-polyfill-ts": "0.8.9",
-        "zil-ledger-js-interface": "^0.1.1"
-    },
-    "husky": {
-        "hooks": {
-            "pre-commit": "lint-staged"
-        }
-    },
-    "lint-staged": {
-        "*.{ts,tsx,scss,json,js}": ["npm run prettier", "git add"],
-        "*.{ts,tsx}": ["npm run lint", "git add"]
+  "private": true,
+  "name": "moonlet",
+  "version": "0.31.0",
+  "license": "MIT",
+  "scripts": {
+    "start": "npm run dev:web",
+    "build": "node scripts/update-extension-version.js && npm run build:ext -- --dest build/extension",
+    "deploy": "npm run build && npx firebase deploy --token $FIREBASE_TOKEN",
+    "publish:ext": "node scripts/publish-extension.js",
+    "build:web": "preact build --config ./config/web.config.js --template src/platforms/web/index.html --no-prerender",
+    "build:ext": "preact build --config ./config/extension.config.js --template src/platforms/extension/index.html --no-prerender",
+    "dev:web": "preact watch --https --config ./config/web.config.js --template src/platforms/web/index.html ",
+    "dev:ext": "rm -rf build && preact watch --config ./config/extension.config.js --template src/platforms/extension/index.html --port 8181",
+    "zip:ext": "node scripts/create-build-zip.js",
+    "lint": "tslint --fix 'src/**/*.{ts,tsx}'",
+    "prettier": "prettier --write \"**/*.{js,ts,tsx,scss,json}\" --ignore-path .gitignore",
+    "test": "jest",
+    "snyk": "snyk test",
+    "sentry:deploy": "VERSION=`node -e \"console.log(require('./package.json').version)\"` && sentry-cli releases -o cryptoland -p moonlet-wallet set-commits $VERSION --auto && sentry-cli releases -o cryptoland -p moonlet-wallet files $VERSION upload-sourcemaps build/extension",
+    "release": "npm version minor -m 'bump version' && git push && git push --tags",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
+  },
+  "eslintConfig": {
+    "extends": "eslint-config-synacor"
+  },
+  "eslintIgnore": [
+    "build/*"
+  ],
+  "devDependencies": {
+    "@sentry/cli": "^1.41.2",
+    "@types/chrome": "0.0.77",
+    "@types/crypto-js": "^3.1.43",
+    "@types/jest": "^23.3.2",
+    "babel-plugin-transform-builtin-extend": "^1.1.2",
+    "chrome-webstore-upload": "^0.2.2",
+    "eslint": "^5.12.1",
+    "eslint-config-synacor": "^3.0.3",
+    "firebase-tools": "^6.3.0",
+    "husky": "^1.0.0-rc.13",
+    "identity-obj-proxy": "^3.0.0",
+    "if-env": "^1.0.0",
+    "jest": "^23.6.0",
+    "lint-staged": "^8.1.0",
+    "node-sass": "^4.9.2",
+    "preact-cli": "^2.0.0",
+    "preact-cli-plugin-typescript": "^0.2.2",
+    "prettier": "1.16.1",
+    "sass-loader": "^7.1.0",
+    "ts-jest": "^23.1.4",
+    "tslint": "^5.11.0",
+    "tslint-config-prettier": "^1.15.0",
+    "tslint-microsoft-contrib": "^6.0.0",
+    "typescript": "^3.2.1",
+    "web-ext-types": "^3.1.0",
+    "webpack-bundle-analyzer": "^3.3.2",
+    "write-file-webpack-plugin": "^4.3.2",
+    "zip-folder": "^1.0.0"
+  },
+  "dependencies": {
+    "@ledgerhq/hw-app-eth": "^4.38.6",
+    "@ledgerhq/hw-transport-u2f": "^4.38.6",
+    "@ledgerhq/hw-transport-webusb": "^4.55.0",
+    "@sentry/browser": "^5.4.3",
+    "@zilliqa-js/crypto": "^0.6.3",
+    "@zilliqa-js/util": "^0.6.3",
+    "babel-polyfill": "^6.26.0",
+    "bignumber.js": "8.0.2",
+    "bind-decorator": "^1.0.11",
+    "crypto-js": "3.1.9-1",
+    "dapp-wallet-util": "https://github.com/cryptolandtech/dapp-wallet-util.git",
+    "history": "4.7.2",
+    "moonlet-core": "git+https://github.com/cryptolandtech/moonlet-core.git",
+    "preact": "8.4.2",
+    "preact-async-route": "2.2.1",
+    "preact-compat": "3.18.4",
+    "preact-material-components": "1.5.5",
+    "preact-redux": "2.0.2",
+    "preact-render-spy": "^1.3.0",
+    "preact-router": "2.6.1",
+    "qrcode.react": "0.9.2",
+    "react-copy-to-clipboard": "^5.0.1",
+    "react-textarea-autosize": "7.1.0",
+    "redux": "4.0.1",
+    "redux-thunk": "2.3.0",
+    "uuid": "^3.3.2",
+    "webextension-polyfill-ts": "0.8.9",
+    "zil-ledger-js-interface": "^0.1.1",
+    "snyk": "^1.189.0"
+  },
+  "husky": {
+    "hooks": {
+      "pre-commit": "lint-staged"
     }
+  },
+  "lint-staged": {
+    "*.{ts,tsx,scss,json,js}": [
+      "npm run prettier",
+      "git add"
+    ],
+    "*.{ts,tsx}": [
+      "npm run lint",
+      "git add"
+    ]
+  },
+  "snyk": true
 }