From 0761fa484466039ffcbd0029ae8f4d53649141b3 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Sat, 10 Jun 2023 14:06:11 +0000
Subject: [PATCH] fix: js/package.json & js/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:stringstream:20180511
---
 js/.snyk | 35 +++++++++++++++++++++++++++++++++++
 js/package.json | 10 +++++++---
 2 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 js/.snyk

diff --git a/js/.snyk b/js/.snyk
new file mode 100644
index 00000000000..33028c8525c
--- /dev/null
+++ b/js/.snyk
@@ -0,0 +1,35 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ 'npm:debug:20170905':
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > express > debug:
+ patched: '2023-06-10T14:06:05.351Z'
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > express > finalhandler > debug:
+ patched: '2023-06-10T14:06:05.351Z'
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > express > send > debug:
+ patched: '2023-06-10T14:06:05.351Z'
+ 'npm:extend:20180424':
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > request > extend:
+ patched: '2023-06-10T14:06:05.351Z'
+ 'npm:hoek:20180212':
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > request > hawk > hoek:
+ patched: '2023-06-10T14:06:05.351Z'
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > request > hawk > boom > hoek:
+ patched: '2023-06-10T14:06:05.351Z'
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > request > hawk > sntp > hoek:
+ patched: '2023-06-10T14:06:05.351Z'
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > request > hawk > cryptiles > boom > hoek:
+ patched: '2023-06-10T14:06:05.351Z'
+ 'npm:mime:20170907':
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > express > send > mime:
+ patched: '2023-06-10T14:06:05.351Z'
+ 'npm:ms:20170412':
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > express > debug > ms:
+ patched: '2023-06-10T14:06:05.351Z'
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > express > send > ms:
+ patched: '2023-06-10T14:06:05.351Z'
+ 'npm:stringstream:20180511':
+ - web3 > web3-eth > web3-net > web3-utils > eth-lib > servify > request > stringstream:
+ patched: '2023-06-10T14:06:05.351Z'
diff --git a/js/package.json b/js/package.json
index ba89582290c..0be3b82c051 100644
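Review bot: Every `patch` entry is keyed to one exact dependency path through `web3 > web3-eth > web3-net > web3-utils > eth-lib > servify`, so the policy only holds while the resolved tree keeps that shape. As far as this file shows, a copy of `debug`, `hoek` or `ms` reached by any other route is not covered, and a change to the `web3` version would presumably leave these entries matching nothing. The header comment could say so, for example `# patch paths are specific to the tree resolved for web3 1.0.0-beta.26; re-run the Snyk scan after any dependency change`. If a later `web3` release drops the `servify` chain, upgrading would be a more durable fix than install-time patching.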
--- a/js/package.json
+++ b/js/package.json
@@ -41,7 +41,9 @@
 "start:app": "node webpack/dev.server",
 "start:electron": "npm run build:app && electron .build/",
 "test": "cross-env NODE_ENV=test mocha 'src/**/*.spec.js'",
- "test:coverage": "cross-env NODE_ENV=test istanbul cover _mocha -- 'src/**/*.spec.js'"
+ "test:coverage": "cross-env NODE_ENV=test istanbul cover _mocha -- 'src/**/*.spec.js'",
+ "prepare": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "devDependencies": {
 "@parity/dapp-console": "paritytech/dapp-console",
@@ -170,6 +172,8 @@
 "semantic-ui-react": "0.77.0",
 "solc": "ngotchac/solc-js",
 "store": "1.3.20",
- "web3": "1.0.0-beta.26"
- }
+ "web3": "1.0.0-beta.26",
+ "@snyk/protect": "latest"
+ },
+ "snyk": true
 }
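Review bot: The `prepare` hook added to `scripts` is the only place the Snyk patches get applied, so an install run with `--ignore-scripts` (a common hardening choice in CI and container builds) would leave the six advisories from the commit message unpatched without any error. Running `npm run snyk-protect` as an explicit build step as well, and failing the build when it exits non-zero, would close that gap. The hook also rewrites files under `node_modules` after install, so the on-disk tree no longer matches the published tarballs; that is worth recording in the project's build notes, since `package.json` cannot carry a comment. The `scripts` object opens above the hunk.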
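Review bot: `"@snyk/protect": "latest"` in the second hunk is a floating dist-tag on a package that the new `prepare` script executes on every install, so whatever version is published next runs in developer and CI environments without review. The neighbouring entries are pinned exactly (`"store": "1.3.20"`, `"semantic-ui-react": "0.77.0"`); pin this one the same way, e.g. `"@snyk/protect": "<exact-version>"`, and bump it deliberately together with the lockfile if the project keeps one. The enclosing dependency object opens outside the hunk, so which dependency section receives the entry cannot be confirmed from here.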