From 83e430b50665cff63b731c6fe15420a8d617423c Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 7 Oct 2022 20:59:41 +0000
Subject: [PATCH] fix: scripts/contributor-list/package.json,
 scripts/contributor-list/package-lock.json & scripts/contributor-list/.snyk
 to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
---
 scripts/contributor-list/.snyk             |  8 ++++++++
 scripts/contributor-list/package-lock.json | 11 ++++++++---
 scripts/contributor-list/package.json      | 12 +++++++++---
 3 files changed, 25 insertions(+), 6 deletions(-)
 create mode 100644 scripts/contributor-list/.snyk

diff --git a/scripts/contributor-list/.snyk b/scripts/contributor-list/.snyk
new file mode 100644
index 0000000000000..63b1d476e7714
--- /dev/null
+++ b/scripts/contributor-list/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-HTTPSPROXYAGENT-469131:
+    - node-github-graphql > https-proxy-agent:
+        patched: '2022-10-07T20:59:35.148Z'
diff --git a/scripts/contributor-list/package-lock.json b/scripts/contributor-list/package-lock.json
index 41622fe94c15e..5ee98647a9c76 100644
--- a/scripts/contributor-list/package-lock.json
+++ b/scripts/contributor-list/package-lock.json
@@ -4,6 +4,11 @@
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
+    "@snyk/protect": {
+      "version": "1.1025.0",
+      "resolved": "https://registry.npmjs.org/@snyk/protect/-/protect-1.1025.0.tgz",
+      "integrity": "sha512-RK9tY2Aqujv5l9e/5nE4yiTilk8vxyB99VtJJ/6p9TZYhddCVQUUv+PNenhVVO3jkSD8/3gLWbPakIvQsFKynA=="
+    },
     "agent-base": {
       "version": "4.2.1",
       "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.2.1.tgz",
@@ -281,9 +286,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.10",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz",
-      "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg=="
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
     },
     "mime-db": {
       "version": "1.36.0",
diff --git a/scripts/contributor-list/package.json b/scripts/contributor-list/package.json
index 44280e28a3dc0..a67379760c372 100644
--- a/scripts/contributor-list/package.json
+++ b/scripts/contributor-list/package.json
@@ -5,7 +5,13 @@
   "main": "index.js",
   "license": "MIT",
   "dependencies": {
-    "lodash": "^4.17.4",
-    "node-github-graphql": "^0.2.7"
-  }
+    "lodash": "^4.17.21",
+    "node-github-graphql": "^0.2.7",
+    "@snyk/protect": "latest"
+  },
+  "scripts": {
+    "prepare": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }