From d2fdda9ea800d963991053a5731cad05d98d38bf Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 10 Feb 2022 16:41:54 +0000
Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
---
 package.json |  2 +-
 yarn.lock    | 27 +++++++++++++++++++++++++--
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index e95c1336..72707970 100644
--- a/package.json
+++ b/package.json
@@ -50,7 +50,7 @@
     "bluebird": "^3.5.5",
     "botbuilder": "^3.16",
     "fast-xml-parser": "^3.12.16",
-    "google-auth-library": "1.6.1",
+    "google-auth-library": "3.0.0",
     "googleapis": "^40.0.1",
     "i18next": "^17.0.6",
     "lambda-log": "^2.3.0",
diff --git a/yarn.lock b/yarn.lock
index 9d762d15..20ab957a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1823,7 +1823,7 @@ function-bind@^1.1.1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d"
 
-gaxios@^1.0.2, gaxios@^1.0.4, gaxios@^1.2.1, gaxios@^1.2.2:
+gaxios@^1.0.2, gaxios@^1.0.4, gaxios@^1.1.1, gaxios@^1.2.1, gaxios@^1.2.2:
   version "1.8.4"
   resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-1.8.4.tgz#e08c34fe93c0a9b67a52b7b9e7a64e6435f9a339"
   dependencies:
@@ -1849,6 +1849,14 @@ gcp-metadata@^0.6.3:
     extend "^3.0.1"
     retry-axios "0.3.2"
 
+gcp-metadata@^0.9.3:
+  version "0.9.3"
+  resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-0.9.3.tgz#1f9d7495f7460a14526481f29e11596dd563dd26"
+  integrity sha512-caV4S84xAjENtpezLCT/GILEAF5h/bC4cNqZFmt/tjTn8t+JBtTkQrgBrJu3857YdsnlM8rxX/PMcKGtE8hUlw==
+  dependencies:
+    gaxios "^1.0.2"
+    json-bigint "^0.3.0"
+
 gcp-metadata@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-1.0.0.tgz#5212440229fa099fc2f7c2a5cdcb95575e9b2ca6"
@@ -1961,7 +1969,22 @@ globals@^11.1.0:
   version "11.12.0"
   resolved "https://registry.yarnpkg.com/globals/-/globals-11.12.0.tgz#ab8795338868a0babd8525758018c2a7eb95c42e"
 
-google-auth-library@1.6.1, google-auth-library@^1.6.1:
+google-auth-library@3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-3.0.0.tgz#51a4e8630afb9dd574f8e480e7dd96fee78bd695"
+  integrity sha512-VvmNsg5bAzDZoOlZ2D2Poszok6yYfO5vr/gG8M1VOo+kxiiNbkpiUYG1RbZdjRcf/YRbUZiq2UAsixlw2zUdaQ==
+  dependencies:
+    base64-js "^1.3.0"
+    fast-text-encoding "^1.0.0"
+    gaxios "^1.1.1"
+    gcp-metadata "^0.9.3"
+    gtoken "^2.3.2"
+    https-proxy-agent "^2.2.1"
+    jws "^3.1.5"
+    lru-cache "^5.0.0"
+    semver "^5.5.0"
+
+google-auth-library@^1.6.1:
   version "1.6.1"
   resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-1.6.1.tgz#9c73d831ad720c0c3048ab89d0ffdec714d07dd2"
   dependencies: