From fbd603db685943bc9c6a5fe176c14eb704de152d Mon Sep 17 00:00:00 2001
From: orkamara <orkamara@gmail.com>
Date: Thu, 30 Jan 2020 15:59:16 +0200
Subject: [PATCH] fix: vuln in transitive pkg of configstore (dot-prop)

---
 configstore-3.1.2-RC1.tgz | Bin 0 -> 3074 bytes
 package.json              |   8 ++++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 configstore-3.1.2-RC1.tgz

diff --git a/configstore-3.1.2-RC1.tgz b/configstore-3.1.2-RC1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..10d8de48018b1296032e80c0b6c483f99e52588c
GIT binary patch
literal 3074
zcmV+d4E^&TiwFP!000001MM39bJ|9>zgmCAp3^DN0f8OYxpC^W7-U;F7&rt;J#MZn
z(gKPlE!D34QP=mk-+Q|&5ZFmNZIkw9tjPpv-`n@KPwz`!Q2&z7SUn1TmI(I6r??u8
z#{T{ud2Ai7-M!~K<csIu>^F9H_V*ir*Vt+7@4kTFPa@66l?h2x5ao~3(aMnJ@Bhiw
z;)~lfoXsWi!X!u;@pwAV1o>8|N1>j+pT#tcY@f%kNVy2WrHW+@SP%-ChLcQ&JRvj*
zNG2Ew6C!w)`b@1%!i1)`WXjW6RLONH=Y*%~muHg1JP4<uPmw^CP!MFn(m0fo1!R%(
zt1y5YIj0i-V?ZQ|_;r}fh|iNC#7#nNikUpHtR0)IizEo2=Cb%a06aK$k}^p_MkGil
z{0c$2F%mA}g{T576eI#lNTA3o2{r@)c78;|n5DL5?LHI$7!@p#3jnGG83^@f%Rr1?
z0r#_*C6eX`QwN)KfTSd*lBFSy#LB+vP}H`9=%CK<)b)thJ08Ai4jcma{Xy@w+jiRI
z=$s5s9n$Lc&j;?w>5!cEI&Ej*k!H6ItKH$iJsJ&ru&~|qVCS|1G`r`-`Jq2>JdgAS
z#69bGTp$M22hHx#b-XHZyRFWs?RHP91PG9BZ%8`snL7luVXvx~KHNrn$K=czv`*o%
zdE|E7;kn{>><+ug>lm0dNxwN5x~);CIUxPfpx^Txf@-y0uhnU~XHMG&?!b{aubu9Y
zc&E)y=TR+D_B9=k91ya3)NwQ?(6a3goYoN4S>3h3av)!)O1!?)a`DFb!2xBOgY&AP
z={f%%0TKX7yLr|;0o}?UF$tVWYcz1qP-d`$H#+i$?r=18$Vso)R)+SR!E3kWcrQt(
z=P7HAJf{jAhE2s7NPwvT4EIMP&s9cqyF+I%81;v4uUi4l-+);_#wKiSE9>^UN>#8>
zZ*Y!8(FV%+Rr2Q4f%O3zR9UKtCh)*wtzi)j_<;e31szG(IqA43PPgSCw1-sQxSmsi
zvvNH|a5dXEP2f3FD&rY}RQk5yu~l`F#62d>_G=f#Hpp=Ho@@L>nXGkc%xznLbzuHX
z*TUp~2<q&{ekVQ!j}Pbny>DJTe~|xQ>@}Y9|L3?$n5Z$>`?B=Xg6slmW<enh971;b
zISW%(F5z>jl0&&D!njyLrfZN{N_{rXqS~~864Oi84$~qYF4clCT_N2Bvm+`Xf3D%d
zYHgyISE$!%DA{osv8Lp4=oj%7s5S*yjVj=3SHNXI<%=RVEY%<nE>=ic68@Yq4@?7@
zwScMDYeE4K-QdIj({QGhTWMhHW%BE<%B=P~9wucjY#A>ATCP;r_>?P4_Nx350ur#3
zrW}cu&Upr+CqI@XnNuhgsP8i&h~&CNKvnJ1hNXK8T`U}uJ1DW(0cr5Yi$>%AfdL;w
z+*gPe)D*y`r4$j8Lz#7FZK>^P=EHM245}nxQ<_B*N;|%gqJk(}cn1X44;bJMiEVAI
zoUEU+X?SBW>{-MoG}3JP=z`w?^47{~$fcys34w|yr3yJ%$1qSOW2s8UU*3hmy}}(=
z6l=7TZQOgcZFzFlf>f}<;L|7q^xoth^Q8@z2xm$8?!KsTj)r^gfzOOd0*_^F1qn4D
z{%%3NnWYK&m)Glp5UF70sjyQ<1GK+)oA~9We4uG2r~fQflo<B}3S)mx$}CMa&8>Q!
zv|y{mS`DhbDGAZ7nMlAn*bS6#hy=^H#a1Qn;UTz?)9pchP%=cejFZ>`nJa?;wS>lO
zB?)-wx+^J(mdfCn!V_w(gmPo7CUrp@gLgu1!LoJb&4i&li}#4vY(aUl6c2$pkwZMr
z!ovNJ$(MH<FA1!T*Tr$-g}l{OGT7MIi6uVI5~zN$D!-yp7^pKTii9@MBEh*xdZWlM
z<=Tik+I+>c1Lxa(u|8lnIZydD+C`nUb|GP02*lg)BGBp#4ups-WqJJ{Ks~Qc9l8R6
zDuRMhprgcuu>^cIV%SQVwjgFSk<cetzuyO}-(Uyj={it`(_7S~N|G#s|4Tp0Qsq5H
zdfeOpPLB21f#EwZ!e5wq>CHKtsBy_|MR^%aR4A<25ld!rz6u#-z*^gE(v*#`d~=l`
z*2|@n;HD~BdPy-AfoAzGbzEo_n$A=|C=7RHogHHqXiQ02Q@BLi7KKNyx%G0nkiBLF
zQYpbMF5gy+o$wr4B$(dw=$2e^ZN>F)tC5VJb1L3z9E3e;9PRR}eeX5RN;<QpAmC;e
zSQE>S7)|pazrs=P_PqrdkVrGg$?RsqQ<Vt|IrQb<qr=GSfAg!7<)6*t!}b5p-i!Us
z`hN$Wp6dV4ae?n{W3b;oAlrrNX}b#RSCAng0wU<Sy<_jz2CW?h2$=BGP=#y+I#h(w
zEr~b{)KE%LHOEpfT0Y-{RD^Z3u2qvu9CpF#^_-=8IymRoinN(SBiSRbUE8g-A_^^v
zf~9Q1MF`^EBKVf^m?rg2p=kyTQ$WDCa;e(da1-&iwi(Ve5%&0`QzK>R0~7^>7aW;E
z3=I<|mfRrUAo{Dry&OXuYKbA4kce@^$yZ+ydPQ?QEKd;Y0<rRD9Dr{T2!ZIDr@<1g
zb=DFtHP^TB4(kWRS>1)RELAf=gUO_X<1m(3K*0;=kU%$~7cdCuyMRh+kkA=G_~HX3
z5<?G8JQp@#3kLEhez-DB-d&;U|M|w=wHtb0p+{7pJ#;e-%G*M<zGFA?Eo<%9Ch$Se
zrx12m2!$q6fu1XnIfH;*wI2~4PYH0pHWaviP$B-WetZA;mB)W<Lt<vf!6)GHk@?T_
z7rPJQe`D|I`_E^&o{>TTB^Up=ILbok96U*7Cf=6kQZB?ny)ILT-=gM+Hcw~uhoRRN
zSF`UXDNX$OVN4-1q?O;kxnfzb$Yv5TA?A1F5zEqL76}DW^i|tKRX3vBz=%VKp_j*B
z{?I=8snzQqyC*-L_RgF!ew7;kw{8YEWBc1l`pR-{XuOEnK><?Kpe}gKYGI&f4VLw_
zJ0-U~BMDPqt#CL4RGkRQ=@h?j`E%w&i4BrpjG0-jDN5s&*=C?}Ho<gLFXo^6`i2T<
z0rsYW{k3IT&z_MHHZhhp9*^G%Gvq0bZVHpE;<RKnce-4gcG+u{p&EBVGv@2j16`wx
za)1Lc{TYcSX0k=xHevS6#(jNFi>US*kBh4!0_x^lf+oyoD%cieOcW+-AXCDwi~PzU
zsp`|K<ZjCO0Vz#rTDs2%avTcph|g3puR5p_AgOsuy?*#gBP-0QYD!A<nxO>Hxyv+T
z#vBic<Y-Gmh^=fg68O1I))H>Mwt<hD2_2LO<~t^MwG6dlhA+rrPv|cn<BQ@hdEUW>
z1BHKYR4|>(O1$4Je+KDp3PntS9-}>|*>~~x*}Ap$(RG!<FY?*fTe#O}DBh|M!PuJ#
za11=G+#zg5?HMVMu&m+j0$(Sc$AK}fV$%t)O`2oo8*^^UUAi-cU2WqpW-Ms%jYRtC
z8QB~xF3C(d7>Fig^@<x(uso&Ew*qlbxit<POc0_H;)RYC`D;-_53CoalH>e+L}k>s
zR3qYYXEAORsp#!C8DhMEf8a>)9>VJ%V@VR=WCvqPtUeAi{Kmdef<eiQ#hm%1uD<O`
zP)t-|H*8e%YZPSrJu!5fgaM-@=3Ht664xA@W#P!#$5$Dg`=aRG9}iP`%~#RUcML`B
z_(Si6;cXX(8X4vW4@Y4Mfyyo};&9~y1|EZj!v#+G088LO@ulMtJ0GrC*2zO!`EUW!
zhKkDJG{-O_wH&c9P(a7ShfP{$BCrBSk(OvFc=!v`Qs9XwCTbR$!xzdubGVvRt7BTa
zpc?X%7Vw=gJe2_90<xY$f`!y1!;L-YP<h&eRK%_rQjn0S;ca24g-TJdYpDzfZwv-n
z6yE~;(*vT-kF=mIi>Ub<20u%|>DIFL3i+Urm8SWy#M+v(D8ld!Elw1atoxU%NYv5Y
zpk-Y^Ge}Hts9g^{4+YnM)S(Is0~Ym(2x{iRUd$I2^?I-V(B*{lS;YPx<CmxF>3X`J
QuD|U1A47)+>HsPL0H7%Eu>b%7

literal 0
HcmV?d00001

diff --git a/package.json b/package.json
index b98a8bb36f..3894d929a1 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,8 @@
     "SECURITY.md",
     "README.md",
     "Contributor-Agreement.md",
-    ".snyk"
+    ".snyk",
+    "configstore-3.1.2-RC1.tgz"
   ],
   "directories": {
     "test": "test"
@@ -64,7 +65,7 @@
     "ansi-escapes": "3.2.0",
     "chalk": "^2.4.2",
     "cli-spinner": "0.2.10",
-    "configstore": "^3.1.2",
+    "configstore": "file:configstore-3.1.2-RC1.tgz",
     "debug": "^3.1.0",
     "diff": "^4.0.1",
     "git-url-parse": "11.1.2",
@@ -126,6 +127,9 @@
     "tslint": "^5.14.0",
     "typescript": "^3.4.1"
   },
+  "bundledDependencies": [
+    "configstore"
+  ],
   "repository": {
     "type": "git",
     "url": "https://github.com/snyk/snyk.git"