From e724b3fd670b9c5d0c7d398d8a53956f33da5ea3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 1 Sep 2021 05:15:07 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/npm:http-proxy-agent:20180406
- https://snyk.io/vuln/npm:https-proxy-agent:20180402
- https://snyk.io/vuln/npm:ip:20170304
- https://snyk.io/vuln/npm:node-forge:20180226


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:lodash:20180130
---
 .snyk        | 17 +++++++++++++++++
 package.json | 13 ++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000000..4c3e7a36e7
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,17 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:hoek:20180212':
+    - parse-server-push-adapter > node-gcm > request > hawk > hoek:
+        patched: '2021-09-01T05:15:05.102Z'
+    - parse-server-push-adapter > node-gcm > request > hawk > boom > hoek:
+        patched: '2021-09-01T05:15:05.102Z'
+    - parse-server-push-adapter > node-gcm > request > hawk > sntp > hoek:
+        patched: '2021-09-01T05:15:05.102Z'
+    - parse-server-push-adapter > node-gcm > request > hawk > cryptiles > boom > hoek:
+        patched: '2021-09-01T05:15:05.102Z'
+  'npm:lodash:20180130':
+    - parse-server-push-adapter > node-gcm > lodash:
+        patched: '2021-09-01T05:15:05.102Z'
diff --git a/package.json b/package.json
index 1b513f54a1..86a9390dca 100644
--- a/package.json
+++ b/package.json
@@ -31,9 +31,9 @@
     "multer": "1.3.0",
     "parse": "1.9.2",
     "parse-server-fs-adapter": "1.0.1",
-    "parse-server-push-adapter": "1.3.0",
+    "parse-server-push-adapter": "2.0.0",
     "parse-server-s3-adapter": "1.0.6",
-    "parse-server-simple-mailgun-adapter": "1.0.0",
+    "parse-server-simple-mailgun-adapter": "1.0.1",
     "pg-promise": "5.6.4",
     "redis": "2.7.1",
     "request": "2.81.0",
@@ -41,7 +41,8 @@
     "tv4": "1.3.0",
     "winston": "2.3.1",
     "winston-daily-rotate-file": "1.4.6",
-    "ws": "2.2.3"
+    "ws": "2.2.3",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
     "babel-cli": "6.24.1",
@@ -75,7 +76,8 @@
     "coverage": "cross-env COVERAGE_OPTION='./node_modules/.bin/nyc' npm test",
     "coverage:win": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=3.2.6} MONGODB_STORAGE_ENGINE=mmapv1 NODE_ENV=test TESTING=1 node ./node_modules/.bin/nyc ./node_modules/jasmine/bin/jasmine.js",
     "start": "node ./bin/parse-server",
-    "prepublish": "npm run build"
+    "prepublish": "npm run snyk-protect && npm run build",
+    "snyk-protect": "snyk-protect"
   },
   "engines": {
     "node": ">=4.6"
@@ -86,5 +88,6 @@
   "optionalDependencies": {
     "bcrypt": "1.0.2",
     "uws": "^0.14.0"
-  }
+  },
+  "snyk": true
 }