From 93845d910c5fef6d41f9e11d023060bfc461921a Mon Sep 17 00:00:00 2001
From: Jack Schofield
Date: Fri, 31 Jan 2020 13:29:18 +0000
Subject: [PATCH] fix: use @snyk/configstore instead of configstore

Using a forked version of configstore to fix a a prototype pollution in its dependency dot-prop present in versions < 5.1.0
---
 package.json | 2 +-
 src/lib/user-config.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index b4f163687f..b541f117dd 100644
--- a/package.json
+++ b/package.json
@@ -55,6 +55,7 @@
 "license": "Apache-2.0",
 "dependencies": {
 "@snyk/cli-interface": "2.3.0",
+ "@snyk/configstore": "^3.2.0-rc1",
 "@snyk/dep-graph": "1.13.1",
 "@snyk/gemfile": "1.2.0",
 "@snyk/snyk-cocoapods-plugin": "2.0.1",
@@ -64,7 +65,6 @@
 "ansi-escapes": "3.2.0",
 "chalk": "^2.4.2",
 "cli-spinner": "0.2.10",
- "configstore": "^3.1.2",
 "debug": "^3.1.0",
 "diff": "^4.0.1",
 "git-url-parse": "11.1.2",
diff --git a/src/lib/user-config.js b/src/lib/user-config.js
index b09d07e0f1..cfb852a08f 100644
--- a/src/lib/user-config.js
+++ b/src/lib/user-config.js
@@ -1,4 +1,4 @@
-const Configstore = require('configstore');
+const Configstore = require('@snyk/configstore');
 const pkg = require(__dirname + '/../../package.json');
 const config = new Configstore(pkg.name);
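Review bot: The added `"@snyk/configstore": "^3.2.0-rc1"` entry in the first package.json hunk uses a caret range on a pre-release, while the neighbouring `@snyk/*` dependencies in the same hunk are pinned to exact versions. This dependency exists to carry a security fix, and a floating range leaves the installed build to whatever the registry resolves at install time. Pinning it as `"@snyk/configstore": "3.2.0-rc1"` keeps the fix reproducible; if the project has a lockfile (none is visible in this patch), it should be updated in the same commit. The change only covers the direct configstore path, so it is worth confirming with `npm ls dot-prop` that nothing else in the tree still resolves a dot-prop below 5.1.0. The `dependencies` object continues outside the hunk.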
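Review bot: The new `require('@snyk/configstore')` line in src/lib/user-config.js carries no comment explaining why a fork is loaded instead of the upstream package, so a later cleanup could swap it back and reintroduce the vulnerable dependency. The reason currently lives only in the commit message. I would add a comment directly above the require, for example `// Fork of configstore carrying the fix for the dot-prop (< 5.1.0) prototype pollution; keep until upstream configstore ships a fixed dot-prop.` The module continues past the end of this hunk, so how the store's keys are populated is not visible here.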