From d390ce80f729b4e19f8ab9ecabb932f207e439f5 Mon Sep 17 00:00:00 2001 
From: snyk-bot Date: Fri, 28 Apr 2023 15:41:42 +0000 Subject: [PATCH] fix: test/fixtures/qs-package/node_modules/url/package.json & test/fixtures/qs-package/node_modules/url/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FSEVENTS-5487987 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MOCHA-2863123 - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506 - https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:handlebars:20151207 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:qs:20140806 - https://snyk.io/vuln/npm:qs:20140806-1 - https://snyk.io/vuln/npm:shell-quote:20160621 - https://snyk.io/vuln/npm:uglify-js:20150824 - https://snyk.io/vuln/npm:uglify-js:20151024 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:debug:20170905 - https://snyk.io/vuln/npm:hawk:20160119 - https://snyk.io/vuln/npm:http-signature:20150122 - https://snyk.io/vuln/npm:mime:20170907 - https://snyk.io/vuln/npm:minimatch:20160620 - https://snyk.io/vuln/npm:ms:20151024 - https://snyk.io/vuln/npm:ms:20170412 - https://snyk.io/vuln/npm:negotiator:20160616 - https://snyk.io/vuln/npm:qs:20140806-1 - https://snyk.io/vuln/npm:request:20160119 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/npm:uglify-js:20151024 --- .../qs-package/node_modules/url/.snyk | 83 +++++++++++++++++++ .../qs-package/node_modules/url/package.json | 14 
++-- 2 files changed, 92 insertions(+), 5 deletions(-) create mode 100644 test/fixtures/qs-package/node_modules/url/.snyk
diff --git a/test/fixtures/qs-package/node_modules/url/.snyk b/test/fixtures/qs-package/node_modules/url/.snyk
new file mode 100644
index 0000000000..bda466b1fc
--- /dev/null
+++ b/test/fixtures/qs-package/node_modules/url/.snyk
@@ -0,0 +1,83 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - zuul > compression > debug:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > debug:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:hawk:20160119':
+ - zuul > wd > request > hawk:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:http-signature:20150122':
+ - zuul > wd > request > http-signature:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:mime:20170907':
+ - zuul > express > send > mime:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > express > connect > send > mime:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > wd > request > form-data > mime:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > zuul-localtunnel > localtunnel > request > mime:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > zuul-localtunnel > localtunnel > request > form-data > mime:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:minimatch:20160620':
+ - zuul > browserify-istanbul > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > firefox-profile > archiver > file-utils > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > istanbul-middleware > archiver > file-utils > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > istanbul-middleware > archiver > file-utils > glob > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > istanbul-middleware > archiver > file-utils > findup-sync > glob > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > browserify-istanbul > istanbul > fileset > glob > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > firefox-profile > archiver > file-utils > glob > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > firefox-profile > archiver > file-utils > findup-sync > glob > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > browserify-istanbul > istanbul > fileset > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > wd > archiver > glob > minimatch:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:ms:20170412':
+ - zuul > compression > debug > ms:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:ms:20151024':
+ - zuul > debug > ms:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:negotiator:20160616':
+ - zuul > compression > accepts > negotiator:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > express > connect > negotiator:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:qs:20140806-1':
+ - zuul > express > connect > qs:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > superagent > qs:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:request:20160119':
+ - zuul > wd > request:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > zuul-localtunnel > localtunnel > request:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:tunnel-agent:20170305':
+ - zuul > wd > request > tunnel-agent:
+ patched: '2023-04-28T15:41:38.808Z'
+ 'npm:uglify-js:20151024':
+ - zuul > hbs > handlebars > uglify-js:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > browserify-istanbul > istanbul > handlebars > uglify-js:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > watchify > browserify > umd > ruglify > uglify-js:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > watchify > browserify > browser-pack > umd > ruglify > uglify-js:
+ patched: '2023-04-28T15:41:38.808Z'
+ - zuul > watchify > browserify > umd > uglify-js:
+ patched: '2023-04-28T15:41:38.808Z'
diff --git a/test/fixtures/qs-package/node_modules/url/package.json b/test/fixtures/qs-package/node_modules/url/package.json
index 7732e5fe2a..530785506b 100644
--- a/test/fixtures/qs-package/node_modules/url/package.json
+++ b/test/fixtures/qs-package/node_modules/url/package.json
@@ -47,13 +47,14 @@
 },
 "dependencies": {
 "punycode": "1.3.2",
- "querystring": "0.2.0"
+ "querystring": "0.2.0",
+ "@snyk/protect": "latest"
 },
 "description": "The core `url` packaged standalone for use with Browserify.",
 "devDependencies": {
 "assert": "1.1.1",
- "mocha": "1.18.2",
- "zuul": "3.3.0"
+ "mocha": "10.1.0",
+ "zuul": "3.12.0"
 },
 "directories": {},
 "dist": {
@@ -83,7 +84,10 @@
 },
 "scripts": {
 "test": "mocha --ui qunit test.js && zuul -- test.js",
- "test-local": "zuul --local -- test.js"
+ "test-local": "zuul --local -- test.js",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
- "version": "0.11.0"
+ "version": "0.11.0",
+ "snyk": true
 }
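Review bot: `"@snyk/protect": "latest"` in `dependencies` is an unpinned runtime dependency, while every other entry visible in this hunk is pinned to an exact version. Whatever release is current under that name gets resolved at install time, so the installed code is neither reproducible nor reviewable; pin it like its neighbours, e.g. `"@snyk/protect": "<exact-version>"` (placeholder, to be filled with a reviewed release). The `mocha` change from `1.18.2` to `10.1.0` crosses many major versions, so the existing `mocha --ui qunit test.js` script should be re-run before this is merged. The path `test/fixtures/qs-package/node_modules/url/` suggests this is a vendored fixture copy; if nothing installs from it, the edit alters the fixture without changing any resolved dependency tree, and excluding the path from scanning may be the better fix. The rest of the package.json object lies outside the hunk.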
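Review bot: The added `"prepublish": "npm run snyk-protect"` uses a deprecated npm lifecycle hook, which on current npm versions runs on a local `npm install`/`npm ci` rather than at publish time; `"prepare": "npm run snyk-protect"` is the hook to use here. Because the `snyk-protect` binary comes from the dependency declared as `latest` in the first hunk, this script executes whichever version happened to be resolved, which is a further reason to pin it. Lifecycle scripts of this kind are presumably not run when the package is installed from a registry as someone else's dependency, so the patches listed in the new `.snyk` file would likely apply only in a checkout of the package itself; that should be confirmed before relying on them. The `scripts` object starts outside the hunk.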