From 18e38fe5b372d0fb9ca921063e7ef0fa859d6bf3 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 1 May 2020 01:22:23 +0100
Subject: [PATCH 1/2] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 package.json | 60 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 33 insertions(+), 27 deletions(-)

diff --git a/package.json b/package.json
index c393121ce..a3b9e0692 100644
--- a/package.json
+++ b/package.json
@@ -1,29 +1,35 @@
 {
-    "name": "cryptonote-nodejs-pool",
-    "version": "1.3.4",
-    "license": "GPL-2.0",
-    "author": "Daniel Vandal",
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/dvandal/cryptonote-nodejs-pool.git"
-    },
-    "dependencies": {
-        "async": "1",
-        "base58-native": "*",
-        "bignum": "*",
-        "cli-color": "*",
-        "cryptoforknote-util": "git://github.com/MoneroOcean/node-cryptoforknote-util.git",
-        "cryptonight-hashing": "git://github.com/MoneroOcean/node-cryptonight-hashing.git",
-        "dateformat": "*",
-        "mailgun.js": "*",
-        "node-telegram-bot-api": "*",
-        "nodemailer": "2.7.2",
-        "nodemailer-sendmail-transport": "*",
-        "redis": "*",
-        "socket.io": "*",
-        "time-ago": "*"
-    },
-    "engines": {
-        "node": ">=4.0"
-    }
+  "name": "cryptonote-nodejs-pool",
+  "version": "1.3.4",
+  "license": "GPL-2.0",
+  "author": "Daniel Vandal",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/dvandal/cryptonote-nodejs-pool.git"
+  },
+  "dependencies": {
+    "async": "1",
+    "base58-native": "*",
+    "bignum": "*",
+    "cli-color": "*",
+    "cryptoforknote-util": "git://github.com/MoneroOcean/node-cryptoforknote-util.git",
+    "cryptonight-hashing": "git://github.com/MoneroOcean/node-cryptonight-hashing.git",
+    "dateformat": "*",
+    "mailgun.js": "*",
+    "node-telegram-bot-api": "*",
+    "nodemailer": "2.7.2",
+    "nodemailer-sendmail-transport": "*",
+    "redis": "*",
+    "socket.io": "*",
+    "time-ago": "*",
+    "snyk": "^1.316.1"
+  },
+  "engines": {
+    "node": ">=4.0"
+  },
+  "scripts": {
+    "snyk-protect": "snyk protect",
+    "prepublish": "npm run snyk-protect"
+  },
+  "snyk": true
 }

From 1e6344602b0e180540e5ac67ef2253e5ac1fd9d4 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Fri, 1 May 2020 01:22:24 +0100
Subject: [PATCH 2/2] fix: package.json & .snyk to reduce vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 .snyk | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..a4f01baa3
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - node-telegram-bot-api > request-promise > request-promise-core > lodash:
+        patched: '2020-05-01T00:22:21.406Z'