From db10ce44114d0e33e96b889509074c9f3afc04b0 Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Thu, 6 Oct 2022 16:20:07 +0000
Subject: [PATCH] fix: packages/contractkit/package.json & packages/contractkit/.snyk to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DATEANDTIME-1054430
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941
- https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-JSONBIGINT-608659
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:lodash:20180130
The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 packages/contractkit/.snyk | 8 ++++++++
 packages/contractkit/package.json | 28 ++++++++++++++++------------
 2 files changed, 24 insertions(+), 12 deletions(-)
 create mode 100644 packages/contractkit/.snyk
diff --git a/packages/contractkit/.snyk b/packages/contractkit/.snyk
new file mode 100644
index 00000000000..c88bf7cbd46
--- /dev/null
+++ b/packages/contractkit/.snyk
@@ -0,0 +1,8 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+ SNYK-JS-LODASH-567746:
+ - '@0x/subproviders > eth-lightwallet > bitcore-lib > lodash':
+ patched: '2022-10-06T16:20:01.094Z'
diff --git a/packages/contractkit/package.json b/packages/contractkit/package.json
index 0d7bf443997..d0e7ed58709 100644
--- a/packages/contractkit/package.json
+++ b/packages/contractkit/package.json
@@ -16,7 +16,9 @@
 "prettify": "yarn run prettier --config ../../.prettierrc.js --write '{contracts,types}/**/*.+(ts|tsx|js|jsx)'",
 "test": "export TZ=UTC && jest --ci --silent --coverage --runInBand test/attestations.test.ts test/erc20-utils.test.ts test/google-storage-utils.test.ts test/start_geth.sh test/transaction-utils.test.ts",
 "test:verbose": "export TZ=UTC && jest --ci --verbose --runInBand test/attestations.test.ts test/erc20-utils.test.ts test/google-storage-utils.test.ts test/start_geth.sh test/transaction-utils.test.ts",
- "test-licenses": "yarn licenses list --prod | grep '\\(─ GPL\\|─ (GPL-[1-9]\\.[0-9]\\+ OR GPL-[1-9]\\.[0-9]\\+)\\)' && echo 'Found GPL license(s). Use 'yarn licenses list --prod' to look up the offending package' || echo 'No GPL licenses found'"
+ "test-licenses": "yarn licenses list --prod | grep '\\(─ GPL\\|─ (GPL-[1-9]\\.[0-9]\\+ OR GPL-[1-9]\\.[0-9]\\+)\\)' && echo 'Found GPL license(s). Use 'yarn licenses list --prod' to look up the offending package' || echo 'No GPL licenses found'",
+ "prepublish": "npm run snyk-protect",
+ "snyk-protect": "snyk-protect"
 },
 "bin": {
 "build-sdk": "./bin/build-sdk.js"
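Review bot: The `prepublish` script added at the end of `scripts` in the `@@ -16,7 +16,9 @@` hunk patches lodash only inside this workspace's own `node_modules`. `prepublish` does not run when a package is installed as a dependency, so projects that install contractkit from the registry resolve their own lodash copy and do not receive the SNYK-JS-LODASH-567746 patch; the commit message should not be read as fixing that issue for consumers. `prepublish` is also a deprecated lifecycle name, and every other script in this object uses yarn, so `"prepare": "yarn run snyk-protect"` would be the consistent form. The `scripts` object opens outside the hunk.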
@@ -25,26 +27,27 @@
 "@celo/utils": "0.0.1",
 "@types/jest": "^24.0.13",
 "babel-jest": "^24.8.0",
- "@0x/subproviders": "^4.1.0",
- "@google-cloud/storage": "^2.3.3",
+ "@0x/subproviders": "^7.0.0",
+ "@google-cloud/storage": "^5.0.0",
 "bignumber.js": "^7.2.0",
 "chalk": "^2.4.2",
 "cross-fetch": "^3.0.2",
- "jest": "^24.8.0",
- "ts-jest": "^24.0.0",
- "web3": "1.0.0-beta.37",
- "web3-utils": "1.0.0-beta.37",
+ "jest": "^25.0.0",
+ "ts-jest": "^25.3.0",
+ "web3": "1.7.5",
+ "web3-utils": "1.6.0",
 "eth-lib": "^0.2.8",
 "lodash": "^4.17.14",
 "prettier": "1.13.5",
 "sleep-promise": "^8.0.1",
 "typechain": "git+https://github.com/celo-org/TypeChain.git#ce6a33b",
- "typescript": "^3.3.3"
+ "typescript": "^3.3.3",
+ "@snyk/protect": "latest"
 },
 "devDependencies": {
 "bip32": "^1.0.2",
 "bip39": "^2.5.0",
- "@google-cloud/storage": "^2.3.3",
+ "@google-cloud/storage": "^5.0.0",
 "@types/bignumber.js": "^5.0.0",
 "@types/bip32": "^1.0.1",
 "@types/bip39": "^2.4.2",
@@ -56,11 +59,12 @@
 "typechain": "git+https://github.com/celo-org/TypeChain.git#ce6a33b",
 "typescript": "^3.3.3",
 "babel-jest": "^24.8.0",
- "jest": "^24.8.0",
- "ts-jest": "^24.0.0"
+ "jest": "^25.0.0",
+ "ts-jest": "^25.3.0"
 },
 "files": [
 "index.ts",
 "lib/**/*"
- ]
+ ],
+ "snyk": true
 }
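Review bot: `"@snyk/protect": "latest"` in the `@@ -25,26 +27,27 @@` hunk is an unpinned tag on a tool that rewrites files under `node_modules`. Each install can therefore pull a new, unreviewed release, and because the entry sits in the runtime dependency list it is also resolved by every consumer of the package. Pin it to an exact version, `"@snyk/protect": "<pinned-version>"`, and place it under `devDependencies` if it is only needed in this workspace. In the same hunk `web3` moves to `1.7.5` while `web3-utils` moves to `1.6.0`; web3 releases normally depend on the matching web3-utils version, so this probably installs two copies, and the two should be set to the same version. `babel-jest` stays at `^24.8.0` beside `jest` `^25.0.0` both here and in the `@@ -56,11 +59,12 @@` hunk, and the enclosing object opens outside the hunk.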