From 4f8777b8fb4e7d5c9a4e0cc73a6eb9b33f51e47c Mon Sep 17 00:00:00 2001
From: Joakim Olsson
Date: Thu, 26 Nov 2020 07:17:47 +0000
Subject: [PATCH] fix: package.json, yarn.lock & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 36 +++++++++++++++++++++++++++++++++++-
 package.json | 2 +-
 yarn.lock | 2 +-
 3 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/.snyk b/.snyk
index f1b32a7..4a35b77 100644
--- a/.snyk
+++ b/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.15.0
+version: v1.19.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:
@@ -215,3 +215,37 @@ patch:
 patched: '2020-05-01T01:01:38.423Z'
 - nuxt > @nuxt/telemetry > inquirer > lodash:
 patched: '2020-06-21T15:59:31.404Z'
+ - snyk > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > @snyk/snyk-cocoapods-plugin > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-go-plugin > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-cpp-plugin > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-docker-plugin > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-gradle-plugin > @snyk/java-call-graph-builder > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-docker-plugin > snyk-nodejs-lockfile-parser > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-mvn-plugin > @snyk/java-call-graph-builder > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-gradle-plugin > @snyk/cli-interface > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-mvn-plugin > @snyk/cli-interface > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > @snyk/snyk-cocoapods-plugin > @snyk/cocoapods-lockfile-parser > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-php-plugin > @snyk/cli-interface > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-python-plugin > snyk-poetry-lockfile-parser > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-python-plugin > snyk-poetry-lockfile-parser > @snyk/cli-interface > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > @snyk/dep-graph > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-nodejs-lockfile-parser > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
+ - snyk > snyk-go-plugin > graphlib > lodash:
+ patched: '2020-11-26T07:00:40.521Z'
diff --git a/package.json b/package.json
index 8e425a5..ab56c54 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 "nuxt-composition-api": "^0.9.3",
 "nuxt-i18n": "^6.0.1",
 "sass-loader": "^7.0.3",
- "snyk": "^1.425.4",
+ "snyk": "^1.431.1",
 "vue": "^2.6.10",
 "vue-numeral-filter": "^1.1.1",
 "vuetify": "^2.1.9"
diff --git a/yarn.lock b/yarn.lock
index d3bca38..ac9df4c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12366,7 +12366,7 @@ snyk-try-require@1.3.1, snyk-try-require@^1.1.1, snyk-try-require@^1.3.1:
 lru-cache "^4.0.0"
 then-fs "^2.0.0"
 
-snyk@^1.425.4:
+snyk@1.431.1, snyk@^1.431.1:
 version "1.431.1"
 resolved "https://registry.yarnpkg.com/snyk/-/snyk-1.431.1.tgz#1e360dae1b63d83f74fe90979f7b9a0fb1607aa7"
 integrity sha512-OW48lG89ffLsSZPHwsjfdqQcu3XG6aRQOkwASPCgTAGcVcnXzS9XHB89h0gLsDzk0fZRskEVgYpvXdh4RFjNqA==
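Review bot: All seventeen paths added under `patch:` in the second `.snyk` hunk are rooted at `snyk >`, so the lodash copies patched for SNYK-JS-LODASH-567746 arrive through the scanner's own dependency tree, and a policy patch only takes effect where `snyk protect` runs after install; no such script is visible in the `package.json` hunk. An environment that installs from `yarn.lock` without that step would still get the unpatched lodash. A version pin is more durable than an install-time patch, for example `"resolutions": { "lodash": "<FIXED_LODASH_VERSION>" }` in `package.json` (placeholder; take the fixed version from the advisory). If `snyk` sits under `dependencies`, as the neighbouring `vue` and `vuetify` entries suggest, moving it to `devDependencies` or running it only from CI would keep the scanner and its transitive packages out of the production install.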