From 78dace981d771f4e0d0e22d3e3eb01b385ceaad8 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 1 Sep 2021 02:54:16 +0000
Subject: [PATCH] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-I18NEXT-1065979
- https://snyk.io/vuln/SNYK-JS-I18NEXT-575536
- https://snyk.io/vuln/SNYK-JS-I18NEXT-585930
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:i18next:20161013
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:minimatch:20160620


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:minimatch:20160620
---
 .snyk        | 20 ++++++++++++++++++++
 package.json | 14 +++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 0000000..b6b3201
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,20 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.21.5
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:minimatch:20160620':
+    - gulp > vinyl-fs > glob-stream > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
+    - trailpack-gulp > gulp > vinyl-fs > glob-stream > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
+    - trailpack-gulp > gulp > vinyl-fs > glob-stream > glob > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
+    - gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
+    - gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
+    - trailpack-gulp > gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
+    - trailpack-gulp > gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch:
+        patched: '2021-09-01T02:54:14.262Z'
diff --git a/package.json b/package.json
index 3b7ce01..755c46f 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
   ],
   "dependencies": {
     "eslint-config-trails": "^2.0.6",
-    "gulp": "^3.9.1",
+    "gulp": "^4.0.0",
     "gulp-babel": "^6.1.2",
     "gulp-plumber": "^1.1.0",
     "gulp-sass": "^3.1.0",
@@ -32,9 +32,10 @@
     "trailpack-repl": "v2-latest",
     "trailpack-router": "v2-latest",
     "trailpack-sequelize": "^2.0.0",
-    "trails": "v2-latest",
+    "trails": "3.0.0",
     "winston": "^2.3",
-    "wreck": "^10.0.0"
+    "wreck": "^10.0.0",
+    "@snyk/protect": "latest"
   },
   "devDependencies": {
     "babel-preset-es2015": "^6.18.0",
@@ -47,7 +48,9 @@
     "supertest": "^1.2"
   },
   "scripts": {
-    "test": "eslint . && mocha"
+    "test": "eslint . && mocha",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
   "engines": {
     "node": ">= 4.0.0"
@@ -56,5 +59,6 @@
     "extends": "trails"
   },
   "repository": "git@github.com:Code4HR/hrtb.us.git",
-  "license": "MIT"
+  "license": "MIT",
+  "snyk": true
 }