From 7d5fd79ad29f2858909ef0d5edbf67ef2d5118c0 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 6 Oct 2022 22:55:22 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MERGE-1040469
- https://snyk.io/vuln/SNYK-JS-MERGE-1042987
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-NODESASS-1059081
- https://snyk.io/vuln/SNYK-JS-NODESASS-535499
- https://snyk.io/vuln/SNYK-JS-NODESASS-535501
- https://snyk.io/vuln/SNYK-JS-NODESASS-535503
- https://snyk.io/vuln/SNYK-JS-NODESASS-535504
- https://snyk.io/vuln/SNYK-JS-NODESASS-535505
- https://snyk.io/vuln/SNYK-JS-NODESASS-540960
- https://snyk.io/vuln/SNYK-JS-NODESASS-540962
- https://snyk.io/vuln/SNYK-JS-NODESASS-540966
- https://snyk.io/vuln/SNYK-JS-NODESASS-540968
- https://snyk.io/vuln/SNYK-JS-NODESASS-540970
- https://snyk.io/vuln/SNYK-JS-NODESASS-540972
- https://snyk.io/vuln/SNYK-JS-NODESASS-540974
- https://snyk.io/vuln/SNYK-JS-NODESASS-540982
- https://snyk.io/vuln/SNYK-JS-NODESASS-540984
- https://snyk.io/vuln/SNYK-JS-NODESASS-540986
- https://snyk.io/vuln/SNYK-JS-NODESASS-540988
- https://snyk.io/vuln/SNYK-JS-NODESASS-542662
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-SCSSTOKENIZER-2339884
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:uglify-js:20151024
---
 .snyk        | 28 ++++++++++++++++++++++++++++
 package.json | 22 +++++++++++++---------
 2 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..bf4a348
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,28 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - gulp-jscs > jscs > lodash:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp-jscs > jscs > xmlbuilder > lodash:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp-jscs > jscs > babel-jscs > babel-core > lodash:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp-jscs > jscs > jscs-jsdoc > jsdoctypeparser > lodash:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp-jscs > jscs > babel-jscs > babel-core > babel-plugin-proto-to-assign > lodash:
+        patched: '2022-10-06T22:55:18.911Z'
+  'npm:minimatch:20160620':
+    - gulp > vinyl-fs > glob-stream > minimatch:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp-jscs > jscs > babel-jscs > babel-core > minimatch:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch:
+        patched: '2022-10-06T22:55:18.911Z'
+    - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch:
+        patched: '2022-10-06T22:55:18.911Z'
+  'npm:uglify-js:20151024':
+    - gulp-jade > jade > transformers > uglify-js:
+        patched: '2022-10-06T22:55:18.911Z'
diff --git a/package.json b/package.json
index c2445fa..5ef782c 100644
--- a/package.json
+++ b/package.json
@@ -14,7 +14,9 @@
     "test": "gulp",
     "start": "node index.js",
     "install": "gulp",
-    "simulate-translations": "s18n map locales/en.json > locales/accents.json"
+    "simulate-translations": "s18n map locales/en.json > locales/accents.json",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "engines": {
     "node": "^0.12.7"
@@ -27,19 +29,19 @@
     "express": "^4.13.3",
     "express-error-handler": "^1.0.1",
     "globby": "^3.0.1",
-    "gulp": "^3.9.0",
-    "gulp-autoprefixer": "^3.0.2",
+    "gulp": "^4.0.0",
+    "gulp-autoprefixer": "^6.0.0",
     "gulp-cached": "^1.1.0",
-    "gulp-csso": "^1.0.0",
+    "gulp-csso": "^3.0.0",
     "gulp-if": "^2.0.0",
     "gulp-jade": "^1.1.0",
     "gulp-jscs": "^3.0.1",
-    "gulp-jshint": "^1.11.2",
+    "gulp-jshint": "^2.0.3",
     "gulp-l10n": "1.2.0",
     "gulp-load-plugins": "^1.0.0",
     "gulp-plumber": "^1.0.1",
-    "gulp-rev-all": "^0.8.21",
-    "gulp-sass": "^2.0.4",
+    "gulp-rev-all": "^3.0.0",
+    "gulp-sass": "^5.0.0",
     "gulp-sass-lint": "^1.0.1",
     "gulp-size": "^2.0.0",
     "gulp-sourcemaps": "^1.6.0",
@@ -48,6 +50,8 @@
     "mkdirp": "^0.5.1",
     "require-dir": "^0.3.0",
     "run-sequence": "^1.1.4",
-    "uglify-js": "^2.4.24"
-  }
+    "uglify-js": "^3.14.3",
+    "@snyk/protect": "latest"
+  },
+  "snyk": true
 }