From 9036e888d9ab6472382709b8f15d78c1df686b62 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 26 Apr 2023 17:03:13 +0000
Subject: [PATCH] fix:
 test/fixtures/qs-package/node_modules/snyk/node_modules/semver/package.json &
 test/fixtures/qs-package/node_modules/snyk/node_modules/semver/.snyk to
 reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:tunnel-agent:20170305


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:hawk:20160119
- https://snyk.io/vuln/npm:http-signature:20150122
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:request:20160119
- https://snyk.io/vuln/npm:tunnel-agent:20170305
---
 .../snyk/node_modules/semver/.snyk            | 20 +++++++++++++++++++
 .../snyk/node_modules/semver/package.json     | 13 ++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 test/fixtures/qs-package/node_modules/snyk/node_modules/semver/.snyk

diff --git a/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/.snyk b/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/.snyk
new file mode 100644
index 0000000000..b7ab9af7af
--- /dev/null
+++ b/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/.snyk
@@ -0,0 +1,20 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hawk:20160119':
+    - tap > codecov.io > request > hawk:
+        patched: '2023-04-26T17:03:05.442Z'
+  'npm:http-signature:20150122':
+    - tap > codecov.io > request > http-signature:
+        patched: '2023-04-26T17:03:05.442Z'
+  'npm:mime:20170907':
+    - tap > codecov.io > request > form-data > mime:
+        patched: '2023-04-26T17:03:05.442Z'
+  'npm:request:20160119':
+    - tap > codecov.io > request:
+        patched: '2023-04-26T17:03:05.442Z'
+  'npm:tunnel-agent:20170305':
+    - tap > codecov.io > request > tunnel-agent:
+        patched: '2023-04-26T17:03:05.442Z'
diff --git a/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/package.json b/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/package.json
index b46f79720d..bc2066e8c2 100644
--- a/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/package.json
+++ b/test/fixtures/qs-package/node_modules/snyk/node_modules/semver/package.json
@@ -52,10 +52,12 @@
   "bugs": {
     "url": "https://github.com/npm/node-semver/issues"
   },
-  "dependencies": {},
+  "dependencies": {
+    "@snyk/protect": "latest"
+  },
   "description": "The semantic version parser used by npm.",
   "devDependencies": {
-    "tap": "^2.0.0"
+    "tap": "^14.6.8"
   },
   "directories": {},
   "dist": {
@@ -89,7 +91,10 @@
     "url": "git+https://github.com/npm/node-semver.git"
   },
   "scripts": {
-    "test": "tap test/*.js"
+    "test": "tap test/*.js",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
-  "version": "5.3.0"
+  "version": "5.3.0",
+  "snyk": true
 }