From ceda3a62749b74a4fafbad5c76078e46e705fcc4 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 Oct 2022 23:24:04 +0000 Subject: [PATCH] fix: apis/userprofile/package.json, apis/userprofile/package-lock.json & apis/userprofile/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MORGAN-72579 The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/npm:hoek:20180212 --- apis/userprofile/.snyk | 10 +++ apis/userprofile/package-lock.json | 34 ++++++--- apis/userprofile/package.json | 114 +++++++++++++++-------------- 3 files changed, 92 insertions(+), 66 deletions(-) create mode 100644 apis/userprofile/.snyk
diff --git a/apis/userprofile/.snyk b/apis/userprofile/.snyk
new file mode 100644
index 0000000..948f6ab
--- /dev/null
+++ b/apis/userprofile/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:hoek:20180212':
+ - swaggerize-express > swaggerize-routes > enjoi > joi > hoek:
+ patched: '2022-10-07T23:23:58.630Z'
+ - swaggerize-express > swaggerize-routes > enjoi > joi > topo > hoek:
+ patched: '2022-10-07T23:23:58.630Z'
diff --git a/apis/userprofile/package-lock.json b/apis/userprofile/package-lock.json
index 4e5e572..bc074e1 100644
--- a/apis/userprofile/package-lock.json
+++ b/apis/userprofile/package-lock.json
@@ -138,6 +138,11 @@ "to-fast-properties": "^2.0.0" } }, + "@snyk/protect": { + "version": "1.1025.0", + "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1025.0.tgz", + "integrity": "sha512-RK9tY2Aqujv5l9e/5nE4yiTilk8vxyB99VtJJ/6p9TZYhddCVQUUv+PNenhVVO3jkSD8/3gLWbPakIvQsFKynA==" + }, "accepts": { "version": "1.3.5", "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.5.tgz",
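Review bot: The `patch:` entry for `npm:hoek:20180212` in the new `.snyk` file fixes hoek only by rewriting the installed copy at install time, and the policy file does not say so or say when the entry can be dropped. Both recorded paths run through `swaggerize-express`, and the lockfile hunks in this commit do not change hoek, so the resolved version presumably stays the vulnerable one and the protection exists only where `snyk-protect` actually ran. A header comment such as `# hoek is patched in place by snyk-protect during install; an install with --ignore-scripts leaves it unpatched. Remove once swaggerize-express resolves a fixed hoek.` would record that for the next maintainer.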
@@ -294,11 +299,18 @@ "dev": true }, "basic-auth": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.0.tgz", - "integrity": "sha1-AV2z81PgLlY3d1X5YnQuiYHnu7o=", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", "requires": { - "safe-buffer": "5.1.1" + "safe-buffer": "5.1.2" + }, + "dependencies": { + "safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" + } } }, "big-number": {
@@ -1588,13 +1600,13 @@ "integrity": "sha512-shJkRTSebXvsVqk56I+lkb2latjBs8I+pc2TzWc545y2iFnSjm7Wg0QMh+ZWcdSLQyGEau5jI8ocnmkyTgr9YQ==" }, "morgan": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz", - "integrity": "sha1-0B+mxlhZt2/PMbPLU6OCGjEdgFE=", + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.1.tgz", + "integrity": "sha512-HQStPIV4y3afTiCYVxirakhlCfGkI161c76kKFca7Fk1JusM//Qeo1ej2XaMniiNeaZklMVrh3vTtIzpzwbpmA==", "requires": { "basic-auth": "~2.0.0", "debug": "2.6.9", - "depd": "~1.1.1", + "depd": "~1.1.2", "on-finished": "~2.3.0", "on-headers": "~1.0.1" }
@@ -2795,9 +2807,9 @@ } }, "on-headers": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.1.tgz", - "integrity": "sha1-ko9dD0cNSTQmUepnlLCFfBAGk/c=" + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", + "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==" }, "once": { "version": "1.4.0",
diff --git a/apis/userprofile/package.json b/apis/userprofile/package.json
index 6703e1f..a3d7b10 100644
--- a/apis/userprofile/package.json
+++ b/apis/userprofile/package.json 
@@ -1,57 +1,61 @@
 {
- "name": "mydriving-user-api",
- "description": "This is the User API for the MyDriving service",
- "version": "1.0.0",
- "repository": {
- "type": "git",
- "url": "git://github.com/Azure-Samples/openhack-devops-team.git"
- },
- "bugs": "http://github.com/Azure-Samples/openhack-devops-team/issues",
- "dependencies": {
- "body-parser": "^1.18.3",
- "express": "^4.16.3",
- "express4-tedious": "^0.3.0",
- "morgan": "^1.9.0",
- "swaggerize-express": "^4.0.5",
- "swagmock": "1.0.0",
- "swagger-ui-express": "^3.0.10",
- "tedious": "^2.6.4"
- },
- "devDependencies": {
- "eslint": "^5",
- "is-my-json-valid": "^2.17.2",
- "js-yaml": "^3.12.0",
- "nyc": "^13.0.1",
- "supertest": "^3.1.0",
- "swagger-parser": "^4.1.0",
- "tap-junit": "^2.0.0",
- "tape": "^4.9.1"
- },
- "nyc": {
- "check-coverage": true,
- "per-file": false,
- "lines": 25,
- "statements": 8,
- "functions": 9,
- "branches": 1,
- "reporter": [
- "cobertura",
- "html"
- ],
- "require": [],
- "cache": true,
- "all": true,
- "temp-directory": "./reports-tmp",
- "report-dir": "./reports"
- },
- "scripts": {
- "test": "tape 'tests/**/*.js' | tap-junit --output reports --name userprofile-report",
- "cover": "nyc tape -- 'tests/**/*.js' --cov",
- "lint": "eslint .",
- "regenerate": "yo swaggerize:test --framework express --apiPath './config/swagger.json'"
- },
- "generator-swaggerize": {
- "version": "4.1.0"
- },
- "main": "./server"
+ "name": "mydriving-user-api",
+ "description": "This is the User API for the MyDriving service",
+ "version": "1.0.0",
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/Azure-Samples/openhack-devops-team.git"
+ },
+ "bugs": "http://github.com/Azure-Samples/openhack-devops-team/issues",
+ "dependencies": {
+ "body-parser": "^1.18.3",
+ "express": "^4.16.3",
+ "express4-tedious": "^0.3.0",
+ "morgan": "^1.9.1",
+ "swaggerize-express": "^4.0.5",
+ "swagmock": "1.0.0",
+ "swagger-ui-express": "^3.0.10",
+ "tedious": "^2.6.4",
+ "@snyk/protect": "latest"
+ },
+ "devDependencies": {
+ "eslint": "^5",
+ "is-my-json-valid": "^2.17.2",
+ "js-yaml": "^3.12.0",
+ "nyc": "^13.0.1",
+ "supertest": "^3.1.0",
+ "swagger-parser": "^4.1.0",
+ "tap-junit": "^2.0.0",
+ "tape": "^4.9.1"
+ },
+ "nyc": {
+ "check-coverage": true,
+ "per-file": false,
+ "lines": 25,
+ "statements": 8,
+ "functions": 9,
+ "branches": 1,
+ "reporter": [
+ "cobertura",
+ "html"
+ ],
+ "require": [],
+ "cache": true,
+ "all": true,
+ "temp-directory": "./reports-tmp",
+ "report-dir": "./reports"
+ },
+ "scripts": {
+ "test": "tape 'tests/**/*.js' | tap-junit --output reports --name userprofile-report",
+ "cover": "nyc tape -- 'tests/**/*.js' --cov",
+ "lint": "eslint .",
+ "regenerate": "yo swaggerize:test --framework express --apiPath './config/swagger.json'",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
+ },
+ "generator-swaggerize": {
+ "version": "4.1.0"
+ },
+ "main": "./server",
+ "snyk": true
 }
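Review bot: `"@snyk/protect": "latest"` in `dependencies` is a floating version for a package that the new `prepare` script runs during install, so any resolution that does not go through the lockfile executes whatever release is current at that moment. The lockfile in this commit resolves 1.1025.0; pinning the manifest to match, `"@snyk/protect": "1.1025.0"`, keeps the install-time code reviewable and makes later upgrades show up as ordinary diffs. Separately, the hunk removes and re-adds every line of the file for what are four real changes (the morgan bump, `@snyk/protect`, the two scripts and `"snyk": true`), apparently because of a re-indentation that is not visible on this page. Keeping the original indentation would let a reviewer see the security-relevant lines on their own.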