From e7e8f264c6d6fc3885ad6447c413f9eb6eb15bb3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 30 Apr 2020 22:18:28 -0700
Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 package.json | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 4333dfb..9e2b3cf 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,9 @@
     "cssfmt": "cssfmt www/css/main.css && git add www/css/main.css",
     "deploy": "gh-pages -d dist -b master",
     "pkg": "webpack -p",
-    "start": "foreman start"
+    "start": "foreman start",
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
   },
   "dependencies": {
     "copy-webpack-plugin": "^3.0.1",
@@ -30,11 +32,12 @@
     "html-loader": "^0.4.3",
     "html-webpack-plugin": "^2.22.0",
     "image-webpack-loader": "^2.0.0",
-    "jquery": "^2.2.2",
+    "jquery": "^3.5.0",
     "style-loader": "^0.13.1",
     "typed.js": "^1.1.1",
     "url-loader": "^0.5.7",
-    "webpack": "^1.13.1"
+    "webpack": "^1.13.1",
+    "snyk": "^1.316.1"
   },
   "devDependencies": {
     "cssfmt": "^2.1.5",
@@ -43,5 +46,6 @@
   },
   "pre-commit": [
     "cssfmt"
-  ]
+  ],
+  "snyk": true
 }

From 45bae7bf23f88b5f534c9eff7b62c8b753fbf7de Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 30 Apr 2020 22:18:29 -0700
Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..efa2b84
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - copy-webpack-plugin > lodash:
+        patched: '2020-05-01T05:18:26.151Z'
+    - html-webpack-plugin > lodash:
+        patched: '2020-05-01T05:18:26.151Z'