From 41aad31aebb3bb13f21a0f5c2c339edd53df8986 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 26 Mar 2022 02:38:02 +0000
Subject: [PATCH] fix: scss/package.json, scss/yarn.lock & scss/.snyk to reduce
 vulnerabilities

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
---
 scss/.snyk        | 10 ++++++++++
 scss/package.json | 10 +++++++---
 scss/yarn.lock    |  5 +++++
 3 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 scss/.snyk

diff --git a/scss/.snyk b/scss/.snyk
new file mode 100644
index 0000000..cb2760d
--- /dev/null
+++ b/scss/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.22.1
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - node-sass > sass-graph > lodash:
+        patched: '2022-03-26T02:37:54.209Z'
+    - node-sass > gaze > globule > lodash:
+        patched: '2022-03-26T02:37:54.209Z'
diff --git a/scss/package.json b/scss/package.json
index 58c568e..9d2777b 100644
--- a/scss/package.json
+++ b/scss/package.json
@@ -7,9 +7,13 @@
   "dependencies": {
     "@fortawesome/fontawesome-free": "^5.15.1",
     "bootstrap": "^4.5.3",
-    "node-sass": "^7.0.1"
+    "node-sass": "^7.0.1",
+    "@snyk/protect": "latest"
   },
   "scripts": {
-    "build": "node-sass --importer=./importer --output css"
-  }
+    "build": "node-sass --importer=./importer --output css",
+    "prepare": "yarn run snyk-protect",
+    "snyk-protect": "snyk-protect"
+  },
+  "snyk": true
 }
diff --git a/scss/yarn.lock b/scss/yarn.lock
index 03cca6c..1650295 100644
--- a/scss/yarn.lock
+++ b/scss/yarn.lock
@@ -49,6 +49,11 @@
     mkdirp "^1.0.4"
     rimraf "^3.0.2"
 
+"@snyk/protect@^1.883.0":
+  version "1.883.0"
+  resolved "https://registry.yarnpkg.com/@snyk/protect/-/protect-1.883.0.tgz#048015d4e0f1c18b6abc7e2773b6374b620bd399"
+  integrity sha512-N/EqG6P/qNYWOfuZAfGS1d7yGwGY4zV7AvKtgTzdhazDt7G/mRLG6czLSWNWGEFYBiMsYRVPHdc5It3bjhmIGw==
+
 "@tootallnate/once@1":
   version "1.1.2"
   resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82"