diff --git a/test/fixtures/qs-package/node_modules/is-retry-allowed/.snyk b/test/fixtures/qs-package/node_modules/is-retry-allowed/.snyk
new file mode 100644
index 0000000000..ca5bb5a830
--- /dev/null
+++ b/test/fixtures/qs-package/node_modules/is-retry-allowed/.snyk
@@ -0,0 +1,10 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  'npm:lodash:20180130':
+    - ava > babel-core > babel-plugin-proto-to-assign > lodash:
+        patched: '2023-04-27T05:42:21.473Z'
+    - xo > babel-eslint > babel-core > babel-plugin-proto-to-assign > lodash:
+        patched: '2023-04-27T05:42:21.473Z'
diff --git a/test/fixtures/qs-package/node_modules/is-retry-allowed/package.json b/test/fixtures/qs-package/node_modules/is-retry-allowed/package.json
index 3452ee1bbb..edef547b98 100644
--- a/test/fixtures/qs-package/node_modules/is-retry-allowed/package.json
+++ b/test/fixtures/qs-package/node_modules/is-retry-allowed/package.json
@@ -54,11 +54,13 @@
   "bugs": {
     "url": "https://github.com/floatdrop/is-retry-allowed/issues"
   },
-  "dependencies": {},
+  "dependencies": {
+    "@snyk/protect": "latest"
+  },
   "description": "My prime module",
   "devDependencies": {
-    "ava": "^0.8.0",
-    "xo": "^0.12.1"
+    "ava": "^4.0.0",
+    "xo": "^0.40.3"
   },
   "directories": {},
   "dist": {
@@ -93,7 +95,10 @@
     "url": "git+https://github.com/floatdrop/is-retry-allowed.git"
   },
   "scripts": {
-    "test": "xo && ava"
+    "test": "xo && ava",
+    "prepublish": "npm run snyk-protect",
+    "snyk-protect": "snyk-protect"
   },
-  "version": "1.1.0"
+  "version": "1.1.0",
+  "snyk": true
 }