From 5aa7b767a8821ef758cf24b5e5584e490a80ecfa Mon Sep 17 00:00:00 2001
From: Karl Horky
Date: Sun, 22 Mar 2020 17:53:50 +0100
Subject: [PATCH 1/5] Update mkdirp to fix minimist vulnerability `mkdirp` has been updated to version `0.5.3` https://github.com/isaacs/node-mkdirp/issues/7#issuecomment-600231795 This addresses this prototype pollution vulnerability in `minimist`: https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 8358c99f..956d7ad4 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
 "highland": "2.13.4",
 "html-minifier": "4.0.0",
 "minimalcss": "0.8.2",
- "mkdirp": "0.5.1",
+ "mkdirp": "^0.5.3",
 "puppeteer": "^1.8.0",
 "serve-static": "1.14.1",
 "sourcemapped-stacktrace-node": "2.1.8"
From 9fd580ea289be253c70da31b871608af88361197 Mon Sep 17 00:00:00 2001
From: Karl Horky
Date: Wed, 25 Mar 2020 16:15:33 +0100
Subject: [PATCH 2/5] Upgrade mkdirp
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 956d7ad4..e5073f8b 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
 "highland": "2.13.4",
 "html-minifier": "4.0.0",
 "minimalcss": "0.8.2",
- "mkdirp": "^0.5.3",
+ "mkdirp": "^0.5.4",
 "puppeteer": "^1.8.0",
 "serve-static": "1.14.1",
 "sourcemapped-stacktrace-node": "2.1.8"
From 4417f498ef1ac6f374bd3eedbe775538b98e1167 Mon Sep 17 00:00:00 2001
From: Karl Horky
Date: Wed, 25 Mar 2020 16:17:27 +0100
Subject: [PATCH 3/5] Update lockfile
---
 yarn.lock | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/yarn.lock b/yarn.lock
index 5342afe6..20117a24 100644
--- a/yarn.lock
+++ b/yarn.lock
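Review bot: The added `"mkdirp": "^0.5.3"` line in patch 1/5 swaps an exact pin for a caret range, while the neighbouring entries in the same hunk (highland, html-minifier, minimalcss, serve-static) stay pinned exactly; the same holds for `^0.5.4` in patch 2/5 and `^0.5.5` in patch 4/5. With a range, the installed version is fixed only by yarn.lock, so any install that regenerates or ignores the lockfile can resolve a later 0.5.x release that was never reviewed; if exact pins are the convention here, `"mkdirp": "0.5.5"` keeps the fix and the convention. Separately, the yarn.lock context in patch 3/5 still shows the `mkdirp@0.5.1, mkdirp@^0.5.0, mkdirp@^0.5.1` entry depending on `minimist "0.0.8"`, alongside minimist 1.2.0 and 0.0.10 entries, so the advisory named in the description appears to stay reachable through other dependents. It would be worth confirming against the resolved tree (for example with `yarn audit`) before treating the advisory as closed.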
@@ -2558,6 +2558,11 @@ minimist@^1.1.1, minimist@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284" +minimist@^1.2.5: + version "1.2.5" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" + integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== + minimist@~0.0.1: version "0.0.10" resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.10.tgz#de3f98543dbf96082be48ad1a0c7cda836301dcf" @@ -2588,6 +2593,13 @@ mkdirp@0.5.1, mkdirp@^0.5.0, mkdirp@^0.5.1: dependencies: minimist "0.0.8" +mkdirp@^0.5.4: + version "0.5.4" + resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.4.tgz#fd01504a6797ec5c9be81ff43d204961ed64a512" + integrity sha512-iG9AK/dJLtJ0XNgTuDbSyNS3zECqDlAhnQW4CsNxBG3LQJBbHmRX1egw39DmtOdCAqY+dKXV+sgPgilNWUKMVw== + dependencies: + minimist "^1.2.5" + ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
From 21520badaf40aae3785e5daac63eb5021b408a1d Mon Sep 17 00:00:00 2001
From: Karl Horky
Date: Tue, 7 Apr 2020 15:07:10 +0200
Subject: [PATCH 4/5] Upgrade to at least 0.5.5
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index e5073f8b..f0628b0e 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
 "highland": "2.13.4",
 "html-minifier": "4.0.0",
 "minimalcss": "0.8.2",
- "mkdirp": "^0.5.4",
+ "mkdirp": "^0.5.5",
 "puppeteer": "^1.8.0",
 "serve-static": "1.14.1",
 "sourcemapped-stacktrace-node": "2.1.8"
From 34d4a68f1b5abc27a5654884b77be5814c402767 Mon Sep 17 00:00:00 2001
From: Karl Horky
Date: Tue, 7 Apr 2020 15:08:11 +0200
Subject: [PATCH 5/5] Update lockfile
---
 yarn.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/yarn.lock b/yarn.lock
index 20117a24..a981fdf7 100644
--- a/yarn.lock
+++ b/yarn.lock @@ -2593,10 +2593,10 @@ mkdirp@0.5.1, mkdirp@^0.5.0, mkdirp@^0.5.1: dependencies: minimist "0.0.8" -mkdirp@^0.5.4: - version "0.5.4" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.4.tgz#fd01504a6797ec5c9be81ff43d204961ed64a512" - integrity sha512-iG9AK/dJLtJ0XNgTuDbSyNS3zECqDlAhnQW4CsNxBG3LQJBbHmRX1egw39DmtOdCAqY+dKXV+sgPgilNWUKMVw== +mkdirp@^0.5.5: + version "0.5.5" + resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.5.tgz#d91cefd62d1436ca0f41620e251288d420099def" + integrity sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ== dependencies: minimist "^1.2.5"