How are Snyk patches created?

The Snyk security team creates the patch usually by backporting a fix which has been added to the dependency. Backporting is the action of taking a fix that was built for a particular version of a piece of software, and applying it to a previous version of that software, by updating it to be functionally identical but with the fix for the vulnerability applied. For more information take a look at redhat’s description